Vulnerabilities > Microsoft > IE > 6.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-14 | CVE-2005-2829 | Unspecified vulnerability in Microsoft IE and Internet Explorer Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability." | 5.1 |
2005-12-08 | CVE-2005-4089 | Permissions, Privileges, and Access Controls vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability." | 7.1 |
2005-10-21 | CVE-2005-2126 | Unspecified vulnerability in Microsoft products The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames. | 2.6 |
2005-07-19 | CVE-2005-2308 | Denial Of Service vulnerability in Microsoft IE 6.0 The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg. | 7.5 |
2005-05-28 | CVE-2005-1791 | Denial of Service vulnerability in Microsoft IE 6.0 Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. | 2.6 |
2005-05-02 | CVE-2005-0553 | Unspecified vulnerability in Microsoft IE and Internet Explorer Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability". | 5.1 |
2005-05-02 | CVE-2005-0500 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks. | 5.0 |
2005-05-02 | CVE-2005-0055 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability." | 7.5 |
2005-05-02 | CVE-2005-0053 | Unspecified vulnerability in Microsoft products Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." | 7.5 |
2005-01-14 | CVE-2005-0110 | Security Bypass vulnerability in Microsoft IE 6.0 Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function. | 2.6 |