Filtered by vendor Microsoft Subscriptions
Filtered by product Internet Explorer Subscriptions
Total 1742 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2000-0596 1 Microsoft 1 Internet Explorer 2024-11-20 N/A
Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.
CVE-2000-0519 1 Microsoft 2 Ie, Internet Explorer 2024-11-20 N/A
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
CVE-2000-0518 1 Microsoft 2 Ie, Internet Explorer 2024-11-20 N/A
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
CVE-2000-0503 1 Microsoft 1 Internet Explorer 2024-11-20 N/A
The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.
CVE-2000-0465 1 Microsoft 1 Internet Explorer 2024-11-20 N/A
Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability.
CVE-2000-0464 1 Microsoft 1 Internet Explorer 2024-11-20 N/A
Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability.
CVE-2000-0439 1 Microsoft 1 Internet Explorer 2024-11-20 N/A
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.
CVE-2000-0400 1 Microsoft 1 Internet Explorer 2024-11-20 N/A
The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.
CVE-2000-0329 1 Microsoft 4 Ie, Internet Explorer, Outlook and 1 more 2024-11-20 N/A
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
CVE-2000-0266 1 Microsoft 1 Internet Explorer 2024-11-20 N/A
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.
CVE-2000-0201 1 Microsoft 1 Internet Explorer 2024-11-20 N/A
The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.
CVE-2000-0162 1 Microsoft 3 Ie, Internet Explorer, Visual Studio 2024-11-20 N/A
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
CVE-2000-0160 1 Microsoft 3 Ie, Internet Explorer, Outlook 2024-11-20 N/A
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
CVE-2000-0156 1 Microsoft 1 Internet Explorer 2024-11-20 N/A
Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.
CVE-2000-0061 1 Microsoft 1 Internet Explorer 2024-11-20 N/A
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.
CVE-2000-0028 1 Microsoft 2 Ie, Internet Explorer 2024-11-20 N/A
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
CVE-1999-1578 1 Microsoft 1 Internet Explorer 2024-11-20 N/A
Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.
CVE-1999-1577 1 Microsoft 1 Internet Explorer 2024-11-20 N/A
Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.
CVE-1999-1575 1 Microsoft 1 Internet Explorer 2024-11-20 N/A
The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands.
CVE-1999-1473 1 Microsoft 1 Internet Explorer 2024-11-20 N/A
When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."