Microsoft: >> Internet Explorer >> 4.0 Security Vulnerabilities
Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.
CVSS Score
5.1
EPSS Score
0.175
Published
2000-02-16
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.
CVSS Score
10.0
EPSS Score
0.17
Published
2000-01-07
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
CVSS Score
10.0
EPSS Score
0.241
Published
2000-01-04
Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.
CVSS Score
7.5
EPSS Score
0.102
Published
1999-12-31
Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.
CVSS Score
5.1
EPSS Score
0.063
Published
1999-12-31
Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."
CVSS Score
7.5
EPSS Score
0.069
Published
1999-12-31
Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue.
CVSS Score
5.0
EPSS Score
0.177
Published
1999-12-31
When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."
CVSS Score
5.0
EPSS Score
0.161
Published
1999-12-31
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
CVSS Score
2.6
EPSS Score
0.218
Published
1999-12-23
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."
CVSS Score
5.1
EPSS Score
0.033
Published
1999-12-08