Vulnerabilities > Microsoft > Internet Explorer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2704 | Cross-Site Scripting vulnerability in multiple products Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks. | 4.3 |
| 2004-12-31 | CVE-2004-2383 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. | 5.1 |
| 2004-12-31 | CVE-2004-2307 | Unspecified vulnerability in Microsoft Internet Explorer and Windows XP Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A. | 5.0 |
| 2004-12-31 | CVE-2004-1043 | Unspecified vulnerability in Microsoft Internet Explorer and Windows XP Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability." | 5.0 |
| 2004-12-31 | CVE-2004-0979 | Unspecified vulnerability in Microsoft IE, Internet Explorer and Windows XP Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration. | 4.6 |
| 2004-12-30 | CVE-2004-1376 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. | 5.0 |
| 2004-12-23 | CVE-2004-0841 | Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." | 5.0 |
| 2004-11-23 | CVE-2004-0284 | Unspecified vulnerability in Microsoft IE, Internet Explorer and Outlook Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name. | 5.0 |
| 2004-11-03 | CVE-2004-0845 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. | 6.4 |
| 2004-11-03 | CVE-2004-0843 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability." | 5.0 |