Vulnerabilities > Microsoft > Internet Explorer > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-03-29 | CVE-2002-0078 | Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/5.5/6.0 The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability. | 7.5 |
| 2002-03-08 | CVE-2002-0027 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874. | 7.5 |
| 2002-03-08 | CVE-2002-0026 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made. | 7.5 |
| 2002-03-08 | CVE-2002-0024 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download. | 7.5 |
| 2002-03-08 | CVE-2002-0022 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated. | 7.5 |
| 2002-01-13 | CVE-2002-0077 | Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/5.5/6.0 Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability. | 7.5 |
| 2001-12-14 | CVE-2001-0727 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability." | 7.5 |
| 2001-11-26 | CVE-2001-0875 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download. | 7.5 |
| 2001-11-14 | CVE-2001-0724 | Unspecified vulnerability in Microsoft Internet Explorer 5.5 Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664. | 7.5 |
| 2001-10-30 | CVE-2001-0712 | Unspecified vulnerability in Microsoft Internet Explorer 5.0/5.0.1/5.5 The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc. | 7.5 |