CVSS: 7.5EPSS: 95%CPEs: 11EXPL: 0CVE-2005-0055
https://notcve.org/view.php?id=CVE-2005-0055
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability." • http://secunia.com/advisories/11165 http://secunia.com/secunia_research/2004-12/advisory http://securitytracker.com/id?1013125 http://www.kb.cert.org/vuls/id/843771 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 https://exchange.xforce.ibmcloud.com/vulnerabilities/19137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005 https://oval.cisecurity.org/repository/sea •
CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 2CVE-2004-2476
https://notcve.org/view.php?id=CVE-2004-2476
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source. • http://archives.neohapsis.com/archives/bugtraq/2004-04/0061.html http://archives.neohapsis.com/archives/bugtraq/2004-04/0080.html http://www.securityfocus.com/bid/10073 https://exchange.xforce.ibmcloud.com/vulnerabilities/15832 •
CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 2CVE-2004-2307
https://notcve.org/view.php?id=CVE-2004-2307
Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A. • http://www.securityfocus.com/archive/1/358043 http://www.securityfocus.com/bid/9924 https://exchange.xforce.ibmcloud.com/vulnerabilities/15544 •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2011
https://notcve.org/view.php?id=CVE-2004-2011
msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI. • http://marc.info/?l=bugtraq&m=108422549617947&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/16112 •
CVSS: 2.6EPSS: 59%CPEs: 4EXPL: 3CVE-2004-2219
https://notcve.org/view.php?id=CVE-2004-2219
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. • http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html http://secunia.com/advisories/12304 http://securitytracker.com/id?1010957 http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt http://www.osvdb.org/8978 https://exchange.xforce.ibmcloud.com/vulnerabilities/17007 •