Vulnerabilities > Microsoft > Internet Explorer > High

DATE CVE VULNERABILITY TITLE RISK
2004-07-27 CVE-2004-0566 Unspecified vulnerability in Microsoft Internet Explorer 5.0/5.0.1/5.5
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.
network
low complexity
microsoft
7.5
2004-07-27 CVE-2003-1048 Double Free vulnerability in Microsoft products
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
local
low complexity
microsoft CWE-415
7.8
2004-06-14 CVE-2003-1041 Unspecified vulnerability in Microsoft IE and Internet Explorer
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension.
network
low complexity
microsoft
7.5
2004-04-15 CVE-2003-0513 Unspecified vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g.
network
low complexity
microsoft
7.5
2004-02-03 CVE-2003-0823 Unspecified vulnerability in Microsoft IE and Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
network
low complexity
microsoft
7.5
2004-02-03 CVE-2003-0817 Unspecified vulnerability in Microsoft IE and Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
network
low complexity
microsoft
7.5
2004-02-03 CVE-2003-0816 Unspecified vulnerability in Microsoft IE and Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
network
low complexity
microsoft
7.5
2004-02-03 CVE-2003-0815 Unspecified vulnerability in Microsoft IE and Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
network
low complexity
microsoft
7.5
2004-02-03 CVE-2003-0814 Unspecified vulnerability in Microsoft IE and Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
network
low complexity
microsoft
7.5
2003-11-17 CVE-2003-0838 Unspecified vulnerability in Microsoft IE and Internet Explorer
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).
network
low complexity
microsoft
7.5