Search Results (1744 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-2551 1 Microsoft 9 Internet Explorer, Windows 7, Windows 8 and 6 more 2026-04-21 8.8 High
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
CVE-1999-0877 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.
CVE-1999-0967 1 Microsoft 3 Internet Explorer, Outlook Express, Windows Explorer 2026-04-16 N/A
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.
CVE-1999-0869 2 Microsoft, Netscape 2 Internet Explorer, Navigator 2026-04-16 N/A
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
CVE-1999-0981 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."
CVE-2002-0191 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.
CVE-2002-0189 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.
CVE-2002-0193 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
CVE-2002-0862 2 Apple, Microsoft 10 Macos, Internet Explorer, Office and 7 more 2026-04-16 N/A
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
CVE-1999-0793 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.
CVE-2002-0832 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.
CVE-1999-1016 2 Microsoft, Qualcomm 4 Frontpage, Internet Explorer, Outlook Express and 1 more 2026-04-16 N/A
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.
CVE-2001-0149 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.
CVE-1999-0766 1 Microsoft 2 Internet Explorer, Java Virtual Machine 2026-04-16 N/A
The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment.
CVE-2004-0216 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
CVE-1999-0668 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
CVE-2002-0078 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.
CVE-2002-0815 3 Microsoft, Mozilla, Netscape 3 Internet Explorer, Mozilla, Navigator 2026-04-16 N/A
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
CVE-1999-0702 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.
CVE-2002-0188 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.