CVSS: 7.5EPSS: 87%CPEs: 35EXPL: 2CVE-2005-0053 – Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code (MS04-038)
https://notcve.org/view.php?id=CVE-2005-0053
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." Internet Explorer 5.01, 5.5 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante eventos de arrastrar y soltar, también conocidos como "Vulnerabilidad de arrastrar y soltar". • https://www.exploit-db.com/exploits/24693 http://www.kb.cert.org/vuls/id/698835 http://www.securityfocus.com/bid/11466 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 https://exchange.xforce.ibmcloud.com/vulnerabilities/19117 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015 https&# •
CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 2CVE-2004-2307
https://notcve.org/view.php?id=CVE-2004-2307
Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A. • http://www.securityfocus.com/archive/1/358043 http://www.securityfocus.com/bid/9924 https://exchange.xforce.ibmcloud.com/vulnerabilities/15544 •
CVSS: 5.0EPSS: 93%CPEs: 2EXPL: 1CVE-2004-1043 – Microsoft Internet Explorer (Windows XP SP2) - HTML Help Control Local Zone Bypass
https://notcve.org/view.php?id=CVE-2004-1043
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability." • https://www.exploit-db.com/exploits/719 http://archives.neohapsis.com/archives/bugtraq/2004-12/0426.html http://www.kb.cert.org/vuls/id/972415 http://www.us-cert.gov/cas/techalerts/TA05-012B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/18311 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1349 https://oval.cisecurity.org/repository/search/definition/oval%3A •
CVSS: 10.0EPSS: 7%CPEs: 22EXPL: 0CVE-2004-0978
https://notcve.org/view.php?id=CVE-2004-0978
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. • http://marc.info/?l=bugtraq&m=110616221411579&w=2 http://www.kb.cert.org/vuls/id/673134 http://www.ngssoftware.com/advisories/heartbeatfull.txt http://www.securityfocus.com/bid/11367 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17714 • CWE-787: Out-of-bounds Write •
CVSS: 4.6EPSS: 17%CPEs: 15EXPL: 0CVE-2004-0979
https://notcve.org/view.php?id=CVE-2004-0979
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration. • http://www.kb.cert.org/vuls/id/630720 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17820 •