CVSS: 5.9EPSS: 0%CPEs: 14EXPL: 0CVE-2000-0518
https://notcve.org/view.php?id=CVE-2000-0518
05 Jun 2000 — Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities. • http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt •
CVSS: 7.4EPSS: 0%CPEs: 14EXPL: 0CVE-2000-0519
https://notcve.org/view.php?id=CVE-2000-0519
05 Jun 2000 — Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities. • http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt •
CVSS: 5.1EPSS: 63%CPEs: 4EXPL: 1CVE-2000-0465 – Microsoft Internet Explorer 4.0/5.0/5.5 preview/5.0.1 - DocumentComplete() Cross Frame Access
https://notcve.org/view.php?id=CVE-2000-0465
17 May 2000 — Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability. • https://www.exploit-db.com/exploits/19939 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2000-0464
https://notcve.org/view.php?id=CVE-2000-0464
17 May 2000 — Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability. • http://www.microsoft.com/technet/support/kb.asp?ID=261257 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2000-0400 – Microsoft Active Movie Control 1.0 - Filetype
https://notcve.org/view.php?id=CVE-2000-0400
13 May 2000 — The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post. • https://www.exploit-db.com/exploits/19928 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2000-0439
https://notcve.org/view.php?id=CVE-2000-0439
11 May 2000 — Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability. • http://www.osvdb.org/1326 •
CVSS: 5.4EPSS: 1%CPEs: 2EXPL: 0CVE-2000-0266
https://notcve.org/view.php?id=CVE-2000-0266
18 Apr 2000 — Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL. • http://www.securityfocus.com/bid/1121 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2000-0201
https://notcve.org/view.php?id=CVE-2000-0201
01 Mar 2000 — The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking. • http://www.securityfocus.com/bid/1033 •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2000-0160
https://notcve.org/view.php?id=CVE-2000-0160
21 Feb 2000 — The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft. • http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000221103938.T21312%40securityfocus.com •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2000-0162
https://notcve.org/view.php?id=CVE-2000-0162
18 Feb 2000 — The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011 •