Microsoft Internet Explorer vulnerabilities

CVE-2000-0400 [HIGH] CWE-20 CVE-2000-0400: The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.

CVE-2000-0439 [LOW] CVE-2000-0439: Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another doma Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.

CVE-2000-0266 [LOW] CVE-2000-0266: Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malic Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.

CVE-2000-0201 [MEDIUM] CVE-2000-0201: The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.

CVE-2000-0160 [HIGH] CVE-2000-0160: The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attack The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.

CVE-2000-0162 [MEDIUM] CVE-2000-0162: The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.

CVE-2000-0156 [MEDIUM] CVE-2000-0156: Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outsi Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.

CVE-2000-0061 [CRITICAL] CVE-2000-0061: Internet Explorer 5 does not modify the security zone for a document that is being loaded into a win Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.

CVE-1999-0876 [CRITICAL] CWE-119 CVE-1999-0876: Buffer overflow in Internet Explorer 4.0 via EMBED tag. Buffer overflow in Internet Explorer 4.0 via EMBED tag.

CVE-1999-1087 [HIGH] CVE-1999-1087: Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname inste Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.

CVE-1999-1094 [HIGH] CVE-1999-1094: Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary c Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."

CVE-1999-1472 [MEDIUM] CVE-1999-1472: Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's ma Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue.

CVE-1999-1093 [MEDIUM] CVE-1999-1093: Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.

CVE-1999-1473 [MEDIUM] CVE-1999-1473: When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."

CVE-2000-0028 [LOW] CVE-2000-0028: Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.

CVE-1999-0981 [MEDIUM] CWE-59 CVE-1999-0981: Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

CVE-1999-0858 [MEDIUM] CWE-16 CVE-1999-0858: Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a mal Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.

CVE-1999-0793 [LOW] CVE-1999-0793: Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.

CVE-1999-1110 [MEDIUM] CVE-1999-1110: Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code w Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.

CVE-2000-0329 [MEDIUM] CVE-2000-0329: A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an atta A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.