Vulnerabilities > Microsoft > Internet Explorer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-1714 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion. | 5.0 |
| 2002-12-31 | CVE-2002-1705 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight. | 5.0 |
| 2002-12-31 | CVE-2002-1688 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button. | 5.0 |
| 2002-12-31 | CVE-2002-1671 | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers to monitor the contents of the clipboard via the getData method of the clipboardData object. | 5.0 |
| 2002-12-31 | CVE-2002-1670 | Unspecified vulnerability in Microsoft Internet Explorer and Windows XP Microsoft Windows XP Professional upgrade edition overwrites previously installed patches for Internet Explorer 6.0, leaving Internet Explorer unpatched. | 4.6 |
| 2002-12-11 | CVE-2002-1188 | Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/5.5/6.0 Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading." | 6.4 |
| 2002-12-11 | CVE-2002-1187 | Unspecified vulnerability in Microsoft Internet Explorer Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource. network microsoft | 6.8 |
| 2002-12-11 | CVE-2002-1186 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure." | 5.0 |
| 2002-12-11 | CVE-2002-1185 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure." | 5.0 |
| 2002-09-24 | CVE-2002-0976 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet. | 6.4 |