Vulnerabilities > Microsoft > Internet Explorer > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-10-30 | CVE-2001-0664 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5 Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability." | 7.5 |
| 2001-07-21 | CVE-2001-0002 | Unspecified vulnerability in Microsoft Internet Explorer and Windows Script Host Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. | 7.5 |
| 2001-06-27 | CVE-2001-0339 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability." | 7.5 |
| 2001-05-03 | CVE-2001-0154 | Unspecified vulnerability in Microsoft Internet Explorer HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly. | 7.5 |
| 2000-12-19 | CVE-2000-0982 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability. | 7.5 |
| 2000-05-17 | CVE-2000-0464 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability. | 7.6 |
| 2000-05-13 | CVE-2000-0400 | Improper Input Validation vulnerability in Microsoft Internet Explorer 5 The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post. | 7.5 |
| 1999-12-31 | CVE-1999-1094 | Unspecified vulnerability in Microsoft Internet Explorer Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue." | 7.5 |
| 1999-12-31 | CVE-1999-1087 | Unspecified vulnerability in Microsoft Internet Explorer 4.0/4.0.1 Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server. | 7.5 |
| 1999-11-01 | CVE-1999-0354 | Unspecified vulnerability in Microsoft Internet Explorer and Word Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. | 7.5 |