CVSS: 10.0EPSS: 16%CPEs: 10EXPL: 0CVE-2003-1027
https://notcve.org/view.php?id=CVE-2003-1027
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." Internet Explorer 6 SP1 permite a atacantes remotos enviar acciones de arrastrar y soltar y otras acciones con el ratón a otras ventanas usando cacheado de métodos (SaveRef) para acceder al método window.moveBy, que es de otra manera inaccesible, como se demostró por HijackClickV2. • http://marc.info/?l=bugtraq&m=106979479719446&w=2 http://marc.info/?l=bugtraq&m=107038202225587&w=2 http://www.kb.cert.org/vuls/id/413886 http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2 http://www.securitytracker.com/id?1006036 http://www.us-cert.gov/cas/techalerts/TA04-033A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 https://exchange.xforce.ibmcloud.com/vulnerabilities/13844 https://oval.cisecurity.org/repository/search/definition/ •
CVSS: 9.3EPSS: 1%CPEs: 10EXPL: 1CVE-2003-1026 – Microsoft Internet Explorer - URL Injection in History List (MS04-004)
https://notcve.org/view.php?id=CVE-2003-1026
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." Internet Explorer SP1 permite a atacantes remotos evitar restricciones de zonas mediante una URL de protocolo JavaScript en un sub-marco, que es añadido al historial de páginas visitadas y es ejecutado en la zona de seguridad de la ventana principal cuando se usa el método JavaScritp "history.back" (mostrar página anterior), como se demostró por BackToFramedJpu. • https://www.exploit-db.com/exploits/151 http://marc.info/?l=bugtraq&m=106979349517578&w=2 http://marc.info/?l=bugtraq&m=107038202225587&w=2 http://www.kb.cert.org/vuls/id/784102 http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu http://www.us-cert.gov/cas/techalerts/TA04-033A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 https://exchange.xforce.ibmcloud.com/vulnerabilities/13846 https://oval.cisecurity.org/repository/search/definition • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 97%CPEs: 1EXPL: 4CVE-2003-1025 – Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation
https://notcve.org/view.php?id=CVE-2003-1025
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." Internet Explorer 6 y posiblemente otras versiones, permite a atacantes remotos suplantar el dominio de una URL mediante un carácter "%01" antes de un carácter "@" (arroba) en la porción usario@dominio de la URL, lo que esconde el resto de la URL, incluyendo el sitio real, en la barra de direcciones. • https://www.exploit-db.com/exploits/23422 https://www.exploit-db.com/exploits/23423 https://www.exploit-db.com/exploits/23465 http://www.kb.cert.org/vuls/id/652278 http://www.securityfocus.com/archive/1/346948 http://www.us-cert.gov/cas/techalerts/TA04-033A.html http://www.zapthedingbat.com/security/ex01/vun1.htm https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 https://exchange.xforce.ibmcloud.com/vulnerabilities/13935 https://oval.cisecu • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2003-1305
https://notcve.org/view.php?id=CVE-2003-1305
Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2003/07/msg00068.html http://www.osvdb.org/2291 •
CVSS: 2.6EPSS: 1%CPEs: 4EXPL: 0CVE-2003-1105
https://notcve.org/view.php?id=CVE-2003-1105
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered. • http://www.kb.cert.org/vuls/id/813208 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 https://exchange.xforce.ibmcloud.com/vulnerabilities/13029 •