U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 95 matching records.
Displaying matches 81 through 95.
Vuln ID Summary CVSS Severity
CVE-2002-0242

Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.

Published: May 29, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2001-0002

Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.

Published: July 21, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2001-0246

Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability.

Published: June 27, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-0338

Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."

Published: June 27, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2001-0339

Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."

Published: June 27, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2001-0149

Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.

Published: June 02, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-0150

Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.

Published: June 02, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2001-0154

HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.

Published: May 03, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2001-0089

Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.

Published: February 16, 2001; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.6 LOW
CVE-1999-1093

Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.

Published: December 31, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-1999-1094

Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."

Published: December 31, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-1999-0981

Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

Published: December 08, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-1999-0869

Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

Published: December 01, 1998; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.6 LOW
CVE-1999-0280

Remote command execution in Microsoft Internet Explorer using .lnk and .url files.

Published: April 01, 1997; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-1999-1128

Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user.

Published: March 01, 1997; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.1 MEDIUM