Page 128 of 715 results (0.008 seconds)

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1

The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc. • http://www.securityfocus.com/archive/1/200109 http://www.securityfocus.com/archive/1/200291 http://www.securityfocus.com/bid/3116 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 3

Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type. • https://www.exploit-db.com/exploits/20774 http://vil.nai.com/vil/virusSummary.asp?virus_k=99048 http://www.guninski.com/clsidext.html http://www.osvdb.org/7858 http://www.sarc.com/avcenter/venc/data/vbs.postcard%40mm.html http://www.securityfocus.com/archive/1/176909 http://www.securityfocus.com/bid/2612 https://exchange.xforce.ibmcloud.com/vulnerabilities/6426 •

CVSS: 7.5EPSS: 86%CPEs: 1EXPL: 0

Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability." • http://www.ciac.org/ciac/bulletins/l-087.shtml http://www.osvdb.org/5694 http://www.securityfocus.com/bid/2737 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/6556 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1096 •

CVSS: 5.1EPSS: 1%CPEs: 2EXPL: 0

Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability." • http://www.ciac.org/ciac/bulletins/l-087.shtml http://www.securityfocus.com/bid/2735 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/6555 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027 •