Microsoft: >> Ie >> 4.0 Security Vulnerabilities
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
CVSS Score
5.0
EPSS Score
0.301
Published
2009-07-22
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.
CVSS Score
7.5
EPSS Score
0.428
Published
2002-04-22
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
CVSS Score
2.1
EPSS Score
0.008
Published
2001-12-31
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
CVSS Score
2.6
EPSS Score
0.163
Published
2000-10-20
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
CVSS Score
2.6
EPSS Score
0.022
Published
2000-06-05
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
CVSS Score
2.6
EPSS Score
0.022
Published
2000-06-05
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
CVSS Score
5.1
EPSS Score
0.015
Published
2000-02-18
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
CVSS Score
10.0
EPSS Score
0.241
Published
2000-01-04
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
CVSS Score
2.6
EPSS Score
0.218
Published
1999-12-23
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
CVSS Score
5.1
EPSS Score
0.08
Published
1999-11-11
Page 1