CVSS: 8.1EPSS: 72%CPEs: 3EXPL: 1CVE-2005-0056
https://notcve.org/view.php?id=CVE-2005-0056
08 Feb 2005 — Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." • http://securitytracker.com/id?1013126 •
CVSS: 9.8EPSS: 92%CPEs: 35EXPL: 2CVE-2005-0053 – Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code (MS04-038)
https://notcve.org/view.php?id=CVE-2005-0053
08 Feb 2005 — Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." Internet Explorer 5.01, 5.5 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante eventos de arrastrar y soltar, también conocidos como "Vulnerabilidad de arrastrar y soltar". • https://www.exploit-db.com/exploits/24693 •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0110
https://notcve.org/view.php?id=CVE-2005-0110
14 Jan 2005 — Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function. • http://marc.info/?l=full-disclosure&m=110569119106172&w=2 •
CVSS: 6.5EPSS: 5%CPEs: 1EXPL: 5CVE-2004-2434 – Microsoft Internet Explorer - 'mshtml.dll' Remote Null Pointer Crash
https://notcve.org/view.php?id=CVE-2004-2434
31 Dec 2004 — Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string. • https://www.exploit-db.com/exploits/376 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2004-1527
https://notcve.org/view.php?id=CVE-2004-1527
31 Dec 2004 — Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. • http://marc.info/?l=bugtraq&m=110053968530613&w=2 •
CVSS: 6.1EPSS: 77%CPEs: 5EXPL: 2CVE-2004-2383 – Microsoft Internet Explorer 5/6 - Cross-Domain Event Leakage
https://notcve.org/view.php?id=CVE-2004-2383
31 Dec 2004 — Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently i... • https://www.exploit-db.com/exploits/23766 •
CVSS: 9.8EPSS: 12%CPEs: 6EXPL: 3CVE-2004-2291 – Microsoft Internet Explorer - Remote Application.Shell
https://notcve.org/view.php?id=CVE-2004-2291
31 Dec 2004 — Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script. • https://www.exploit-db.com/exploits/310 •
CVSS: 4.3EPSS: 29%CPEs: 4EXPL: 3CVE-2004-2219
https://notcve.org/view.php?id=CVE-2004-2219
31 Dec 2004 — Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. • http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 1CVE-2004-1198
https://notcve.org/view.php?id=CVE-2004-1198
15 Dec 2004 — Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html •
CVSS: 7.5EPSS: 33%CPEs: 18EXPL: 1CVE-2004-1155
https://notcve.org/view.php?id=CVE-2004-1155
10 Dec 2004 — Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 •