Microsoft

Internet Explorer

1637 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2003-1025

Exploit
  • EPSS 64.17%
  • Veröffentlicht 20.01.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka ...

9.3

CVE-2003-1026

  • EPSS 55.82%
  • Veröffentlicht 20.01.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is c...

10

CVE-2003-1027

  • EPSS 59.95%
  • Veröffentlicht 20.01.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as de...

5

CVE-2003-1028

  • EPSS 17.76%
  • Veröffentlicht 20.01.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely o...

2.6

CVE-2003-1105

  • EPSS 9.23%
  • Veröffentlicht 31.12.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.

4.3

CVE-2003-1505

Exploit
  • EPSS 27.2%
  • Veröffentlicht 31.12.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved.

5

CVE-2003-1559

  • EPSS 39.88%
  • Veröffentlicht 31.12.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

7.5

CVE-2003-0809

Exploit
  • EPSS 45.45%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.

7.5

CVE-2003-0838

  • EPSS 68.35%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer trea...

7.5

CVE-2003-0530

  • EPSS 23.69%
  • Veröffentlicht 27.08.2003 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.