Vulnerabilities > Microsoft > IE > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-1824 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. | 5.0 |
| 2002-12-31 | CVE-2002-1714 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion. | 5.0 |
| 2002-12-11 | CVE-2002-1186 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure." | 5.0 |
| 2002-12-11 | CVE-2002-1185 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure." | 5.0 |
| 2001-12-31 | CVE-2001-1489 | Denial of Service vulnerability in Microsoft IE 6 Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. | 5.0 |
| 2000-12-11 | CVE-2000-1061 | Unspecified vulnerability in Microsoft IE 4.X/5.X Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability. | 5.1 |
| 2000-02-18 | CVE-2000-0162 | Unspecified vulnerability in Microsoft IE, Internet Explorer and Visual Studio The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. | 5.1 |
| 1999-11-11 | CVE-2000-0329 | Unspecified vulnerability in Microsoft products A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability. | 5.1 |