
CVSS: 5.0 | EPSS: 5% | CPEs: 2 | EXPL: 0

Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.

• http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html
• http://www.securityfocus.com/archive/1/432009/100/0/threaded
• http://www.vupen.com/english/advisories/2006/1538
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26118

CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVSS: 4.3 | EPSS: 91% | CPEs: 2 | EXPL: 3

Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.

• https://www.exploit-db.com/exploits/27577
• http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test
• http://secunia.com/advisories/19521
• http://securitytracker.com/id?1016291
• http://www.securityfocus.com/archive/1/429719/100/0/threaded
• http://www.securityfocus.com/archive/1/429891/100/0/threaded
• http://www.securityfocus.com/archive/1/440851/100/100/threaded
• http://www.securityfocus.com/bid/17404
• http://www.vupen.com/english/advisories/2006/1218
• http://www.

CWE-20: Improper Input Validation

CVSS: 5.0 | EPSS: 7% | CPEs: 8 | EXPL: 3

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.

• https://www.exploit-db.com/exploits/26457
• http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html
• http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html
• http://www.securityfocus.com/bid/15268

CVSS: 5.1 | EPSS: 78% | CPEs: 5 | EXPL: 0

Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.

• http://secunia.com/advisories/17168
• http://secunia.com/advisories/17172
• http://secunia.com/advisories/17223
• http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
• http://www.securityfocus.com/bid/15064
• http://www.us-cert.gov/cas/techalerts/TA05-284A.html
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-049
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1291

CVSS: 5.0 | EPSS: 0% | CPEs: 6 | EXPL: 0

Windows Explorer and Internet Explorer in Windows 2000 SP1 allow remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file.

• http://marc.info/?l=bugtraq&m=111231106513788&w=2
• http://www.securiteam.com/windowsntfocus/5CP081FFFY.html
• http://www.securityfocus.com/bid/9892
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15507