Microsoft Internet Explorer vulnerabilities

CVE-1999-0354 [HIGH] CVE-1999-0354: Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message.

CVE-1999-0827 [LOW] CVE-1999-0827: By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across differe By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.

CVE-1999-1577 [MEDIUM] CVE-1999-1577: Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allo Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.

CVE-1999-0877 [MEDIUM] CWE-200 CVE-1999-0877: Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFR Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.

CVE-1999-1578 [MEDIUM] CVE-1999-1578: Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for In Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.

CVE-1999-0702 [CRITICAL] CWE-94 CVE-1999-0702: Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Exp Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.

CVE-1999-1575 [MEDIUM] CVE-1999-1575: The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (img The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe fo

CVE-1999-0891 [MEDIUM] CWE-94 CVE-1999-0891: The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.

CVE-1999-0670 [MEDIUM] CVE-1999-0670: Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands.

CVE-1999-0669 [MEDIUM] CVE-1999-0669: The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a r The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

CVE-1999-1016 [MEDIUM] CVE-1999-1016: Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Expr Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.

CVE-1999-1235 [MEDIUM] CVE-1999-1235: Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which co Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link.

CVE-1999-0668 [MEDIUM] CVE-1999-0668: The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

CVE-1999-0802 [HIGH] CWE-119 CVE-1999-0802: Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed F Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon.

CVE-1999-0917 [MEDIUM] CVE-1999-0917: The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary fi The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.

CVE-1999-1241 [CRITICAL] CVE-1999-1241: Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrar Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.

CVE-1999-1367 [MEDIUM] CVE-1999-1367: Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users.

CVE-1999-0487 [LOW] CVE-1999-0487: The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files. The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.

CVE-1999-0490 [HIGH] CVE-1999-0490: MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.

CVE-1999-0488 [HIGH] CVE-1999-0488: Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different se Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.