Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
Max CVSS: 5.0; EPSS Score: 0.46%; Published: 1999-12-22; Updated: 2018-10-12
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
Max CVSS: 5.1; EPSS Score: 0.42%; Published: 2000-02-18; Updated: 2021-07-22
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
Max CVSS: 5.1; EPSS Score: 1.94%; Published: 1999-11-11; Updated: 2021-07-22
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
Max CVSS: 5.1; EPSS Score: 0.57%; Published: 2000-12-11; Updated: 2018-10-12
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
Max CVSS: 5.0; EPSS Score: 17.41%; Published: 2001-12-31; Updated: 2017-07-11
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
Max CVSS: 5.0; EPSS Score: 17.20%; Published: 2002-12-11; Updated: 2021-07-23
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."
Max CVSS: 5.0; EPSS Score: 75.35%; Published: 2002-12-11; Updated: 2021-07-23
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
Max CVSS: 5.0; EPSS Score: 18.76%; Published: 2002-12-31; Updated: 2021-07-23
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.
Max CVSS: 5.0; EPSS Score: 0.24%; Published: 2002-12-31; Updated: 2021-07-23
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
Max CVSS: 5.0; EPSS Score: 1.74%; Published: 2003-05-12; Updated: 2021-07-23
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."
Max CVSS: 5.0; EPSS Score: 0.66%; Published: 2003-05-12; Updated: 2021-07-23
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
Max CVSS: 5.0; EPSS Score: 0.31%; Published: 2004-01-20; Updated: 2021-07-23
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
Max CVSS: 5.0; EPSS Score: 2.13%; Published: 2003-12-31; Updated: 2021-07-23
Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
Max CVSS: 5.0; EPSS Score: 1.04%; Published: 2004-11-23; Updated: 2021-07-23
The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041.
Max CVSS: 5.1; EPSS Score: 1.03%; Published: 2004-07-07; Updated: 2017-07-11
Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.
Max CVSS: 5.0; EPSS Score: 12.99%; Published: 2004-07-07; Updated: 2016-10-18
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
Max CVSS: 5.0; EPSS Score: 5.39%; Published: 2004-08-06; Updated: 2021-07-23
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Max CVSS: 5.0; EPSS Score: 84.58%; Published: 2004-08-18; Updated: 2021-07-23
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Max CVSS: 5.0; EPSS Score: 96.48%; Published: 2004-12-23; Updated: 2021-07-23
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
Max CVSS: 5.0; EPSS Score: 1.48%; Published: 2004-11-03; Updated: 2021-07-23
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
Max CVSS: 5.0; EPSS Score: 94.55%; Published: 2004-11-03; Updated: 2018-10-12
Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
Max CVSS: 5.0; EPSS Score: 0.31%; Published: 2004-09-16; Updated: 2017-07-11
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.
Max CVSS: 5.0; EPSS Score: 0.32%; Published: 2004-09-15; Updated: 2017-07-11
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.
Max CVSS: 5.0; EPSS Score: 5.93%; Published: 2004-02-07; Updated: 2021-07-23
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
Max CVSS: 5.0; EPSS Score: 1.08%; Published: 2004-12-31; Updated: 2008-09-05
67 vulnerabilities found