Microsoft Internet Explorer vulnerabilities

CVE-1999-0468 [HIGH] CWE-200 CVE-1999-0468: Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system usi Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.

CVE-1999-0469 [MEDIUM] CVE-1999-0469: Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web s Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client.

CVE-1999-1370 [HIGH] CVE-1999-1370: The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs.

CVE-1999-1453 [LOW] CVE-1999-1453: Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of t Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.

CVE-1999-0869 [LOW] CVE-1999-0869: Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of a Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

CVE-1999-0870 [LOW] CVE-1999-0870: Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into t Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.

CVE-1999-0871 [LOW] CVE-1999-0871: Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.

CVE-1999-1447 [MEDIUM] CVE-1999-1447: Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code tha Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag.

CVE-1999-0537 [HIGH] CVE-1999-0537: A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.

CVE-1999-0967 [CRITICAL] CVE-1999-0967: Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.

CVE-1999-1446 [LOW] CVE-1999-1446: Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located i Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays.

CVE-1999-0031 [LOW] CVE-1999-0031: JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.

CVE-1999-0280 [HIGH] CVE-1999-0280: Remote command execution in Microsoft Internet Explorer using .lnk and .url files. Remote command execution in Microsoft Internet Explorer using .lnk and .url files.

CVE-1999-1128 [MEDIUM] CVE-1999-1128: Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user.