Vulnerabilities > Microsoft > Internet Explorer > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-08-18 | CVE-2004-0839 | Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". | 5.0 |
2004-08-06 | CVE-2004-0526 | Unspecified vulnerability in Microsoft products Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | 5.0 |
2004-02-07 | CVE-2004-2090 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. | 5.0 |
2004-01-20 | CVE-2003-1028 | Unspecified vulnerability in Microsoft IE and Internet Explorer The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008. | 5.0 |
2004-01-20 | CVE-2003-1025 | Improper Input Validation vulnerability in Microsoft Internet Explorer 6.0 Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | 4.3 |
2003-12-31 | CVE-2003-1559 | Information Exposure vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | 5.0 |
2003-12-31 | CVE-2003-1505 | Unspecified vulnerability in Microsoft Internet Explorer 6 Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved. network microsoft | 4.3 |
2003-08-18 | CVE-2003-0519 | Unspecified vulnerability in Microsoft Internet Explorer 5.0/6.0 Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices. | 5.0 |
2003-08-18 | CVE-2001-1410 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering. | 5.0 |
2003-07-24 | CVE-2003-0447 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated. | 5.1 |