Vulnerabilities > Microsoft > Internet Explorer > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-1173 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog. | 7.5 |
2004-12-31 | CVE-2004-1166 | Code Injection vulnerability in Microsoft IE and Internet Explorer CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. | 7.5 |
2004-12-31 | CVE-2004-1155 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | 7.5 |
2004-12-23 | CVE-2004-0867 | Permissions, Privileges, and Access Controls vulnerability in multiple products Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | 7.5 |
2004-12-23 | CVE-2004-0842 | Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability." | 7.5 |
2004-09-16 | CVE-2004-0866 | Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | 7.5 |
2004-07-27 | CVE-2004-0727 | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2800.1106 Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." | 7.5 |
2004-07-27 | CVE-2004-0719 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | 7.5 |
2004-07-27 | CVE-2004-0566 | Unspecified vulnerability in Microsoft Internet Explorer 5.0/5.0.1/5.5 Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value. | 7.5 |
2004-07-27 | CVE-2003-1048 | Double Free vulnerability in Microsoft products Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. | 7.8 |