Vulnerabilities > Microsoft > Internet Explorer > 6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-10-28 | CVE-2002-1217 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions. | 7.5 |
| 2002-09-24 | CVE-2002-0980 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL. | 7.5 |
| 2002-09-24 | CVE-2002-0976 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet. | 6.4 |
| 2002-09-24 | CVE-2002-0723 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag." | 7.5 |
| 2002-09-24 | CVE-2002-0722 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing." | 7.5 |
| 2002-09-24 | CVE-2002-0648 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file. | 5.0 |
| 2002-09-24 | CVE-2002-0647 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control". | 7.5 |
| 2002-08-15 | CVE-2002-1444 | The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function. | 2.6 |
| 2002-08-12 | CVE-2002-0832 | Unspecified vulnerability in Microsoft Internet Explorer 5.0/5.5/6.0 Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature. | 7.5 |
| 2002-08-12 | CVE-2002-0500 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size. | 5.0 |