Search Results (1744 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-1110 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.
CVE-2002-1186 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."
CVE-2002-0862 2 Apple, Microsoft 10 Macos, Internet Explorer, Office and 7 more 2026-04-16 N/A
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
CVE-2006-3899 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-16 N/A
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function.
CVE-1999-1016 2 Microsoft, Qualcomm 4 Frontpage, Internet Explorer, Outlook Express and 1 more 2026-04-16 N/A
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.
CVE-2002-1187 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.
CVE-2003-0701 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
CVE-2001-0332 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability.
CVE-2002-0193 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
CVE-2002-0189 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.
CVE-2002-0188 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.
CVE-2002-0191 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.
CVE-1999-0869 2 Microsoft, Netscape 2 Internet Explorer, Navigator 2026-04-16 N/A
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
CVE-1999-0793 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.
CVE-2002-0832 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.
CVE-1999-0877 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.
CVE-2006-3591 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference.
CVE-2006-3511 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-16 N/A
Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the fonts property of the HtmlDlgSafeHelper object, which triggers a null dereference.
CVE-2000-0982 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability.
CVE-1999-0967 1 Microsoft 3 Internet Explorer, Outlook Express, Windows Explorer 2026-04-16 N/A
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.