Vulnerabilities > Microsoft > Internet Explorer > 5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-13 | CVE-2009-5159 | Cross-site Scripting vulnerability in multiple products Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | 4.3 |
2011-12-07 | CVE-2010-5071 | Permissions, Privileges, and Access Controls vulnerability in Microsoft IE and Internet Explorer The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. | 5.0 |
2011-12-07 | CVE-2002-2435 | Information Exposure vulnerability in Microsoft IE and Internet Explorer The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. | 4.3 |
2009-11-24 | CVE-2009-4073 | Information Exposure vulnerability in Microsoft Internet Explorer The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page. | 5.0 |
2009-08-24 | CVE-2009-2954 | Improper Input Validation vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | 5.0 |
2009-07-22 | CVE-2009-2576 | Resource Management Errors vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. | 5.0 |
2009-07-20 | CVE-2009-2536 | Resource Management Errors vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | 4.3 |
2009-06-15 | CVE-2009-2069 | Improper Authentication vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | 5.8 |
2009-06-15 | CVE-2009-2064 | Improper Authentication vulnerability in Microsoft Internet Explorer and Pocket IE Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | 6.8 |
2009-06-15 | CVE-2009-2057 | Improper Authentication vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | 5.8 |