Vulnerabilities > Microsoft > Internet Explorer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-09-24 | CVE-2002-0648 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file. | 5.0 |
| 2002-08-12 | CVE-2002-0500 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size. | 5.0 |
| 2002-08-12 | CVE-2002-0461 | Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/5.5/6.0 Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop. | 5.0 |
| 2002-05-29 | CVE-2002-0191 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability. | 5.0 |
| 2002-03-25 | CVE-2002-0136 | Unspecified vulnerability in Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript. | 5.0 |
| 2002-03-25 | CVE-2002-0101 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released. | 5.0 |
| 2002-03-08 | CVE-2002-0057 | Unspecified vulnerability in Microsoft products XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. | 5.0 |
| 2002-03-08 | CVE-2002-0052 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files. | 5.0 |
| 2002-03-08 | CVE-2002-0025 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document. | 5.0 |
| 2002-03-08 | CVE-2002-0023 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. | 5.0 |