CVSS: 7.5EPSS: 87%CPEs: 35EXPL: 2CVE-2005-0053 – Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code (MS04-038)
https://notcve.org/view.php?id=CVE-2005-0053
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." Internet Explorer 5.01, 5.5 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante eventos de arrastrar y soltar, también conocidos como "Vulnerabilidad de arrastrar y soltar". • https://www.exploit-db.com/exploits/24693 http://www.kb.cert.org/vuls/id/698835 http://www.securityfocus.com/bid/11466 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 https://exchange.xforce.ibmcloud.com/vulnerabilities/19117 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015 https&# •
CVSS: 7.5EPSS: 95%CPEs: 11EXPL: 0CVE-2005-0055
https://notcve.org/view.php?id=CVE-2005-0055
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability." • http://secunia.com/advisories/11165 http://secunia.com/secunia_research/2004-12/advisory http://securitytracker.com/id?1013125 http://www.kb.cert.org/vuls/id/843771 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 https://exchange.xforce.ibmcloud.com/vulnerabilities/19137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005 https://oval.cisecurity.org/repository/sea •
CVSS: 7.5EPSS: 56%CPEs: 18EXPL: 1CVE-2004-1155
https://notcve.org/view.php?id=CVE-2004-1155
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 http://secunia.com/advisories/22628 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.securityfocus.com/archive/1/449917/100/0/threaded http://www.securityfocus.com/bid/11855 •
CVSS: 5.0EPSS: 96%CPEs: 16EXPL: 3CVE-2004-0841 – Microsoft Internet Explorer 5.0.1 - Popup.show Mouse Event Hijacking
https://notcve.org/view.php?id=CVE-2004-0841
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." Internet Explorer 6.x permite a atacantes remotos instalar programas de su elección mediante eventos mousedown que llaman al método Popup.show y usan acciones "arrastrar y soltar" en una ventana emergente, también conocida como "HijackClick 3" y la "Vulnerabilidad de descarga de fichero con scritp en etiqueta de imagen" • https://www.exploit-db.com/exploits/24266 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html http://secunia.com/advisories/12048 http://securitytracker.com/id?1010679 http://www.kb.cert.org/vuls/id/413886 http://www.osvdb.org/7774 http://www.securityfocus.com/archive/1/368652 http://www.securityfocus.com/archive/1/368666 http://www.securityfocus.com/bid/10690 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en- •
CVSS: 7.5EPSS: 96%CPEs: 16EXPL: 3CVE-2004-0842 – Microsoft Internet Explorer 5.0.1 - Style Tag Comment Memory Corruption
https://notcve.org/view.php?id=CVE-2004-0842
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability." Internet Explorer 6.1 SP1 y anteriores, y posiblemente otras versiones, permiten a atacantes remotos causar una denegación de servicio (caída de aplicación por "corrupción de memoria") mediante ciertos elementos de Hoja de Estilos en Cascada (CSS), como se ha demostrado usanto la cadena "<STYLE>@;/*", posiblemente debido a un terminador de comentario ausente que puede causar una longitud inválida que dispare una operación de copia de memoria grande. • https://www.exploit-db.com/exploits/24328 http://marc.info/?l=bugtraq&m=109107496214572&w=2 http://marc.info/?l=full-disclosure&m=109060455614702&w=2 http://marc.info/?l=full-disclosure&m=109102919426844&w=2 http://secunia.com/advisories/12806 http://www.ciac.org/ciac/bulletins/p-006.shtml http://www.ecqurity.com/adv/IEstyle.html http://www.kb.cert.org/vuls/id/291304 http://www.securiteam.com/exploits/5NP042KF5A.html http://www.securityfocus.com/bid/10816&# •