Vulnerabilities > Microsoft > Internet Explorer > 5.01
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-0054 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability." | 5.1 |
2005-04-12 | CVE-2005-0555 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability." | 7.5 |
2005-02-09 | CVE-2004-0978 | Out-Of-Bounds Write vulnerability in Microsoft Internet Explorer 5.01/5.5/6 Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. | 10.0 |
2004-12-31 | CVE-2004-2219 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. | 2.6 |
2004-12-30 | CVE-2004-1376 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. | 5.0 |
2004-11-03 | CVE-2004-0845 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. | 6.4 |
2004-11-03 | CVE-2004-0216 | Unspecified vulnerability in Microsoft IE and Internet Explorer Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow. | 10.0 |
2004-08-06 | CVE-2004-0549 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object. | 10.0 |
2004-07-27 | CVE-2003-1048 | Double Free vulnerability in Microsoft products Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. | 7.8 |
2003-12-31 | CVE-2003-1105 | Unspecified vulnerability in Microsoft IE and Internet Explorer Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered. | 2.6 |