Vulnerabilities > Microsoft > Internet Explorer > 5.1

DATE CVE VULNERABILITY TITLE RISK
2011-12-07 CVE-2010-5071 Permissions, Privileges, and Access Controls vulnerability in Microsoft IE and Internet Explorer
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
network
low complexity
microsoft CWE-264
5.0
2011-12-07 CVE-2002-2435 Information Exposure vulnerability in Microsoft IE and Internet Explorer
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
network
microsoft CWE-200
4.3
2009-08-24 CVE-2009-2954 Improper Input Validation vulnerability in Microsoft Internet Explorer
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
network
low complexity
microsoft CWE-20
5.0
2009-07-22 CVE-2009-2576 Resource Management Errors vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.
network
low complexity
microsoft CWE-399
5.0
2009-06-15 CVE-2009-2069 Improper Authentication vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
network
microsoft CWE-287
5.8
2009-06-15 CVE-2009-2057 Improper Authentication vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
network
microsoft CWE-287
5.8
2007-12-12 CVE-2007-5347 Unspecified vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
network
microsoft
6.8
2007-12-12 CVE-2007-5344 Code Injection vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."
network
microsoft CWE-94
6.8
2007-12-12 CVE-2007-3902 Resource Management Errors vulnerability in Microsoft IE and Internet Explorer
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
network
microsoft CWE-399
critical
9.3
2007-10-14 CVE-2007-5456 Code Injection vulnerability in Microsoft Internet Explorer
Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331.
network
low complexity
microsoft CWE-94
7.5