| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. |
| Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string. |
| Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script. |
| Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page. |
| Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability. |
| Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities. |
| Buffer overflow in Internet Explorer 4.0 via EMBED tag. |
| Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. |
| asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values. |
| Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability. |
| Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin. |
| Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. |
| The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command. |
| Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability. |
| Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh. |
| Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. |
| Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. |
| Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points. |
| CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. |
| Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code. |
