Total
1742 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-1016 | 2 Microsoft, Qualcomm | 4 Frontpage, Internet Explorer, Outlook Express and 1 more | 2021-07-22 | 5.0 MEDIUM | N/A |
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell. | |||||
CVE-1999-1577 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.1 MEDIUM | N/A |
Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method. | |||||
CVE-2001-0807 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 2.6 LOW | N/A |
Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file. | |||||
CVE-1999-0669 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 4.0 MEDIUM | N/A |
The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. | |||||
CVE-1999-1370 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 7.2 HIGH | N/A |
The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs. | |||||
CVE-1999-1578 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.1 MEDIUM | N/A |
Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands. | |||||
CVE-1999-0670 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 4.0 MEDIUM | N/A |
Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands. | |||||
CVE-1999-0490 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 7.5 HIGH | N/A |
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag. | |||||
CVE-1999-0793 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 2.6 LOW | N/A |
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. | |||||
CVE-1999-1575 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.1 MEDIUM | N/A |
The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands. | |||||
CVE-1999-1235 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 4.6 MEDIUM | N/A |
Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link. | |||||
CVE-1999-0488 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 7.5 HIGH | N/A |
Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability. | |||||
CVE-1999-0487 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 2.6 LOW | N/A |
The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files. | |||||
CVE-1999-0468 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 2.6 LOW | N/A |
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. | |||||
CVE-1999-0354 | 1 Microsoft | 2 Internet Explorer, Word | 2021-07-22 | 7.5 HIGH | N/A |
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message. | |||||
CVE-1999-1110 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.0 MEDIUM | N/A |
Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client. | |||||
CVE-1999-1093 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.1 MEDIUM | N/A |
Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page. | |||||
CVE-1999-0870 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 2.6 LOW | N/A |
Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste. | |||||
CVE-1999-1087 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 7.5 HIGH | N/A |
Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server. | |||||
CVE-1999-0869 | 2 Microsoft, Netscape | 2 Internet Explorer, Navigator | 2021-07-22 | 2.6 LOW | N/A |
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing. |