Vulnerabilities > Microsoft > Internet Explorer
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-04-12 | CVE-2005-0555 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability." | 7.5 |
| 2005-02-09 | CVE-2004-0978 | Out-Of-Bounds Write vulnerability in Microsoft Internet Explorer 5.01/5.5/6 Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. | 10.0 |
| 2004-12-31 | CVE-2004-2704 | Cross-Site Scripting vulnerability in multiple products Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks. | 4.3 |
| 2004-12-31 | CVE-2004-2476 | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2800 Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source. | 2.6 |
| 2004-12-31 | CVE-2004-2383 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. | 5.1 |
| 2004-12-31 | CVE-2004-2307 | Unspecified vulnerability in Microsoft Internet Explorer and Windows XP Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A. | 5.0 |
| 2004-12-31 | CVE-2004-2291 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script. | 7.5 |
| 2004-12-31 | CVE-2004-2219 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. | 2.6 |
| 2004-12-31 | CVE-2004-2011 | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2600 msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI. | 2.6 |
| 2004-12-31 | CVE-2004-1173 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog. | 7.5 |