Every CVE whose affected-product data names Microsoft Ie, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2007-0219 — CVSS 10.0 (critical): Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX…
CVE-2004-0216 — CVSS 10.0 (critical): Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary…
CVE-2004-0212 — CVSS 10.0 (critical): Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or…
CVE-2004-0420 — CVSS 10.0 (critical): The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote…
CVE-2003-1027 — CVSS 10.0 (critical): Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other…
CVE-2007-0217 — CVSS 10.0 (critical): The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP…
CVE-2006-1186 — CVSS 10.0 (critical): Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2)…
CVE-2004-1050 — CVSS 10.0 (critical): Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes…
CVE-2004-0985 — CVSS 10.0 (critical): Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a…
CVE-2008-0078 — CVSS 9.3 (critical): Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote…
CVE-2006-1303 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute…
CVE-2006-1359 — CVSS 9.3 (critical): Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a…
CVE-2007-3902 — CVSS 9.3 (critical): Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote…
CVE-2009-0552 — CVSS 9.3 (critical): Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and…
CVE-2009-0550 — CVSS 9.3 (critical): Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server…
CVE-2007-1765 — CVSS 9.3 (critical): Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial…
CVE-2003-1026 — CVSS 9.3 (critical): Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame…
CVE-2007-0944 — CVSS 9.3 (critical): Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on…
CVE-2007-0024 — CVSS 9.3 (critical): Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000…
CVE-2007-0942 — CVSS 9.3 (critical): Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1…
CVE-2006-4697 — CVSS 9.3 (critical): Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers…
CVE-2008-2281 — CVSS 9.3 (critical): Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote…
CVE-2008-1085 — CVSS 9.3 (critical): Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary…
CVE-2008-0076 — CVSS 9.3 (critical): Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via…
CVE-2006-3730 — CVSS 8.8 (high): Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and…
CVE-2007-3550 — CVSS 7.8 (high): Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as…
CVE-2005-4269 — CVSS 7.8 (high): mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access…
CVE-2007-0612 — CVSS 7.8 (high): Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet…
CVE-2000-0160 — CVSS 7.6 (high): The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components…
CVE-2006-4777 — CVSS 7.6 (high): Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer…
CVE-2006-2385 — CVSS 7.6 (high): Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute…
CVE-2004-1166 — CVSS 7.5 (high): CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP…
CVE-1999-0989 — CVSS 7.5 (high): Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio…
CVE-2001-0665 — CVSS 7.5 (high): Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from…
CVE-2002-0152 — CVSS 7.5 (high): Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute…
CVE-2002-0153 — CVSS 7.5 (high): Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML…
CVE-2002-1142 — CVSS 7.5 (high): Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and…
CVE-2002-1254 — CVSS 7.5 (high): Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system…
CVE-2003-0113 — CVSS 7.5 (high): Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an…
CVE-2003-0115 — CVSS 7.5 (high): Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could…
CVE-2003-0233 — CVSS 7.5 (high): Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the…
CVE-2003-0344 — CVSS 7.5 (high): Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash)…
CVE-2003-0513 — CVSS 7.5 (high): Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e"…
CVE-2003-0530 — CVSS 7.5 (high): Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute…
CVE-2003-0531 — CVSS 7.5 (high): Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser…
CVE-2003-0532 — CVSS 7.5 (high): Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow…
CVE-2003-0701 — CVSS 7.5 (high): Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote…
CVE-2003-0809 — CVSS 7.5 (high): Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows…
CVE-2003-0814 — CVSS 7.5 (high): Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's…
CVE-2003-0815 — CVSS 7.5 (high): Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the…
CVE-2003-0816 — CVSS 7.5 (high): Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a…
CVE-2003-0817 — CVSS 7.5 (high): Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
CVE-2003-0823 — CVSS 7.5 (high): Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other…
CVE-2003-0838 — CVSS 7.5 (high): Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window…
CVE-2003-1041 — CVSS 7.5 (high): Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL…
CVE-2003-1326 — CVSS 7.5 (high): Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or…
CVE-2003-1328 — CVSS 7.5 (high): The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote…
CVE-2006-5884 — CVSS 7.5 (high): Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact…
CVE-2006-3450 — CVSS 7.5 (high): Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to…
CVE-2004-2291 — CVSS 7.5 (high): Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell…
CVE-2005-0053 — CVSS 7.5 (high): Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop…
CVE-2006-1388 — CVSS 7.5 (high): Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
CVE-2005-0055 — CVSS 7.5 (high): Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange…
CVE-2006-1245 — CVSS 7.5 (high): Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute…
CVE-2006-1188 — CVSS 7.5 (high): Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag…
CVE-2006-1185 — CVSS 7.5 (high): Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain…
CVE-2005-1989 — CVSS 7.5 (high): Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when…
CVE-2006-0544 — CVSS 7.5 (high): urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application…
CVE-2006-0057 — CVSS 7.5 (high): Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via…
CVE-2005-4827 — CVSS 7.5 (high): Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests…
CVE-2005-2308 — CVSS 7.5 (high): The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and…
CVE-2006-4560 — CVSS 7.5 (high): Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with…
CVE-2004-0719 — CVSS 7.5 (high): Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one…
CVE-2006-4495 — CVSS 7.5 (high): Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by…
CVE-2006-4219 — CVSS 7.5 (high): The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary…
CVE-2004-0842 — CVSS 7.5 (high): Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash…
CVE-2006-4193 — CVSS 7.5 (high): Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute…
CVE-2006-3873 — CVSS 7.5 (high): Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch…
CVE-2004-0866 — CVSS 7.5 (high): Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which…
CVE-2004-0867 — CVSS 7.5 (high): Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which…
CVE-2006-3869 — CVSS 7.5 (high): Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch…
CVE-2004-1104 — CVSS 7.5 (high): Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a…
CVE-2004-1155 — CVSS 7.5 (high): Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another…
CVE-2005-2831 — CVSS 7.5 (high): Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute…
CVE-2006-3639 — CVSS 7.5 (high): Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote…
CVE-2006-3638 — CVSS 7.5 (high): Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial…
CVE-2006-3451 — CVSS 7.5 (high): Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to…
CVE-1999-0839 — CVSS 7.2 (high): Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been…
CVE-2005-4089 — CVSS 7.1 (high): Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using…
CVE-2007-5344 — CVSS 6.8 (medium): Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that…
CVE-2007-0943 — CVSS 6.8 (medium): Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style…
CVE-2006-2378 — CVSS 6.8 (medium): Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and…
CVE-2007-3903 — CVSS 6.8 (medium): Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated…
CVE-2007-1091 — CVSS 6.8 (medium): Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and…
CVE-2007-5347 — CVSS 6.8 (medium): Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects,"…
CVE-2006-5544 — CVSS 6.4 (medium): Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct…
CVE-2002-2125 — CVSS 6.4 (medium): Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA…
CVE-2004-0845 — CVSS 6.4 (medium): Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof…
CVE-2006-5913 — CVSS 6.4 (medium): Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a…
CVE-2006-3643 — CVSS 6.0 (medium): Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local…
CVE-2012-1545 — CVSS 5.8 (medium): Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of…
CVE-2009-2057 — CVSS 5.8 (medium): Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx…
CVE-2009-2069 — CVSS 5.8 (medium): Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy…
CVE-2005-1990 — CVSS 5.1 (medium): Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary…
CVE-2006-2094 — CVSS 5.1 (medium): Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security…
CVE-2005-3240 — CVSS 5.1 (medium): Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by…
CVE-2004-2383 — CVSS 5.1 (medium): Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard…
CVE-2004-0475 — CVSS 5.1 (medium): The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double…
CVE-2006-4687 — CVSS 5.1 (medium): Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV…
CVE-2005-1988 — CVSS 5.1 (medium): Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML…
CVE-2006-3637 — CVSS 5.1 (medium): Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted…
CVE-2000-0162 — CVSS 5.1 (medium): The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that…
CVE-2005-0553 — CVSS 5.1 (medium): Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows…
CVE-2000-0329 — CVSS 5.1 (medium): A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an…
CVE-2005-2829 — CVSS 5.1 (medium): Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1)…
CVE-2000-1061 — CVSS 5.1 (medium): Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows…
CVE-2005-0056 — CVSS 5.1 (medium): Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote…
CVE-2005-0054 — CVSS 5.1 (medium): Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML…
CVE-2005-2830 — CVSS 5.0 (medium): Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext…
CVE-2005-4679 — CVSS 5.0 (medium): Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a…
CVE-2005-4717 — CVSS 5.0 (medium): Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1…
CVE-2005-2087 — CVSS 5.0 (medium): Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers…
CVE-2005-0500 — CVSS 5.0 (medium): Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated…
CVE-2006-1719 — CVSS 5.0 (medium): Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS)…
CVE-2004-2434 — CVSS 5.0 (medium): Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon…
CVE-2006-3354 — CVSS 5.0 (medium): Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an…
CVE-2004-2179 — CVSS 5.0 (medium): asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a…
CVE-2006-3471 — CVSS 5.0 (medium): Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a…
CVE-2006-3472 — CVSS 5.0 (medium): Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing…
CVE-2006-3659 — CVSS 5.0 (medium): Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a…
CVE-2004-0869 — CVSS 5.0 (medium): Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel…
CVE-2004-0844 — CVSS 5.0 (medium): Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages…
CVE-2006-3910 — CVSS 5.0 (medium): Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling…
CVE-2006-3944 — CVSS 5.0 (medium): Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or…
CVE-2004-0843 — CVSS 5.0 (medium): Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and…
CVE-2004-0841 — CVSS 5.0 (medium): Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use…
CVE-2006-4301 — CVSS 5.0 (medium): Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple…
CVE-2006-4446 — CVSS 5.0 (medium): Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote…
CVE-2004-0839 — CVSS 5.0 (medium): Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a…
CVE-2004-0526 — CVSS 5.0 (medium): Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with…
CVE-2004-0479 — CVSS 5.0 (medium): Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and…
CVE-2006-4888 — CVSS 5.0 (medium): Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML…
CVE-2004-0284 — CVSS 5.0 (medium): Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if…
CVE-2006-5805 — CVSS 5.0 (medium): Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link…
CVE-2003-1559 — CVSS 5.0 (medium): Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for…
CVE-2006-6659 — CVSS 5.0 (medium): The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service…
CVE-2006-7030 — CVSS 5.0 (medium): Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML…
CVE-2006-7065 — CVSS 5.0 (medium): Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL…
CVE-2003-1028 — CVSS 5.0 (medium): The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an…
CVE-2003-0116 — CVSS 5.0 (medium): Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which…
CVE-2007-0356 — CVSS 5.0 (medium): The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a…
CVE-2003-0114 — CVSS 5.0 (medium): The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the…
CVE-2002-1824 — CVSS 5.0 (medium): Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not…
CVE-2002-1714 — CVSS 5.0 (medium): Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html"…
CVE-2002-1186 — CVSS 5.0 (medium): Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a…
CVE-2002-1185 — CVSS 5.0 (medium): Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers…
CVE-2001-1489 — CVSS 5.0 (medium): Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a…
CVE-2000-0036 — CVSS 5.0 (medium): Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
CVE-2009-2576 — CVSS 5.0 (medium): Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via…
CVE-2010-1991 — CVSS 5.0 (medium): Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a…
CVE-2010-5071 — CVSS 5.0 (medium): The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the…
CVE-2006-3513 — CVSS 5.0 (medium): danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data…
CVE-2004-2090 — CVSS 5.0 (medium): Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript…
CVE-2004-1686 — CVSS 5.0 (medium): Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an…
CVE-2006-3640 — CVSS 5.0 (medium): Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to…
CVE-2006-3657 — CVSS 5.0 (medium): Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microso…
CVE-2006-3658 — CVSS 5.0 (medium): Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a…
CVE-2004-0979 — CVSS 4.6 (medium): Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to…
CVE-2003-1484 — CVSS 4.3 (medium): Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the…
CVE-2011-2383 — CVSS 4.3 (medium): Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote…
CVE-2007-0811 — CVSS 4.3 (medium): Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL…
CVE-2002-2435 — CVSS 4.3 (medium): The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited…
CVE-2009-2433 — CVSS 4.3 (medium): Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service…
CVE-2011-2382 — CVSS 4.3 (medium): Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which…
CVE-2007-1114 — CVSS 4.3 (medium): The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an…
CVE-2007-1499 — CVSS 4.3 (medium): Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary…
CVE-2010-2118 — CVSS 4.3 (medium): Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption)…
CVE-2007-4848 — CVSS 4.3 (medium): Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via…
CVE-2006-5577 — CVSS 4.3 (medium): Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML…
CVE-2006-2900 — CVSS 4.0 (medium): Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the…
CVE-2006-2766 — CVSS 2.6 (low): Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and…
CVE-2006-3943 — CVSS 2.6 (low): Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial…
CVE-1999-0827 — CVSS 2.6 (low): By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame…
CVE-2000-0768 — CVSS 2.6 (low): A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote…
CVE-2006-3510 — CVSS 2.6 (low): The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial…
CVE-2006-5578 — CVSS 2.6 (low): Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information…
CVE-2006-0753 — CVSS 2.6 (low): Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory…
CVE-2004-2219 — CVSS 2.6 (low): Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an…
CVE-2000-0028 — CVSS 2.6 (low): Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the…
CVE-2000-0519 — CVSS 2.6 (low): Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same…
CVE-2005-0110 — CVSS 2.6 (low): Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an…
CVE-2000-0518 — CVSS 2.6 (low): Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an…
CVE-2006-1192 — CVSS 2.6 (low): Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts…
CVE-2003-1105 — CVSS 2.6 (low): Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or…
CVE-2004-1331 — CVSS 2.6 (low): The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning"…
CVE-2005-1791 — CVSS 2.6 (low): Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full…
CVE-2005-2126 — CVSS 2.6 (low): The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites"…
CVE-2001-1497 — CVSS 2.1 (low): Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters…
CVE-2001-1218 — CVSS 2.1 (low): Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on…