CVSS: 5.0EPSS: 8%CPEs: 4EXPL: 3CVE-2001-1410 – Microsoft Internet Explorer 5/6 - JavaScript Interface Spoofing
https://notcve.org/view.php?id=CVE-2001-1410
Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering. Internet Explorer 6 y anteriores permite a atacantes remotos crear ventanas sin marco encima de todas las demás usando el método Javascript window.createPopup, lo que podría permitir a atacantes simular la pantalla de la víctima y llevar a cabo actividades no autorizadas o robar datos sensibles mediante ingeniería social. • https://www.exploit-db.com/exploits/21127 http://marc.info/?l=bugtraq&m=105820229407274&w=2 http://marc.info/?l=bugtraq&m=105829174431769&w=2 http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie http://www.guninski.com/popspoof.html http://www.kb.cert.org/vuls/id/490708 http://www.securityfocus.com/archive/1/221883 http://www.securityfocus.com/bid/3469 http://www.systemintegra.com/ie-fullscreen https://exchange.xforce.ibmcloud.com/vulnerabilities/7313 •
CVSS: 5.0EPSS: 4%CPEs: 2EXPL: 0CVE-2003-0519
https://notcve.org/view.php?id=CVE-2003-0519
Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices. Ciertas versiones de Internet Explorer 5 y 7, en ciertos entornos Windows, permite a atacantes remotos causar una denegación de servicio (cuelgue) con una URL a C:\\AUX (nombre de dispositivo MS-DOS) y posiblemente otros dispositivos. • http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006286.html •
CVSS: 4.3EPSS: 2%CPEs: 2EXPL: 2CVE-2003-0446 – Microsoft Internet Explorer 5/6 - MSXML XML File Parsing Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0446
Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Internet Explorer 5.5 y 6.0, probablemente en un componente que también es utilizado por otros productos de Microsoft, permite a atacantes remotos la inserción de rutinas web arbitrarias mediante un fichero XML que contiene un error sintáctico, que inserta la rutina en el mensaje de error resultante. • https://www.exploit-db.com/exploits/22783 http://archives.neohapsis.com/archives/bugtraq/2003-06/0120.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005762.html http://marc.info/?l=bugtraq&m=105585986015421&w=2 http://marc.info/?l=bugtraq&m=105595990924165&w=2 http://marc.info/?l=ntbugtraq&m=105585001905002&w=2 http://secunia.com/advisories/9055 http://security.greymagic.com/adv/gm013-ie http://www.osvdb.org/3065 http://www.securityfocus.com&# •
CVSS: 5.1EPSS: 13%CPEs: 3EXPL: 2CVE-2003-0447 – Microsoft Internet Explorer 5 - Custom HTTP Error HTML Injection
https://notcve.org/view.php?id=CVE-2003-0447
The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated. La característica de errores HTTP personalizados en Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar script en la Zona Local mediante un argumento a shdocvw.dll que causa que se genere un enlace "javascript:" • https://www.exploit-db.com/exploits/22784 http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005763.html http://marc.info/?l=bugtraq&m=105585933614773&w=2 http://marc.info/?l=ntbugtraq&m=105585142406147&w=2 http://security.greymagic.com/adv/gm014-ie •
CVSS: 7.5EPSS: 95%CPEs: 4EXPL: 3CVE-2003-0344 – Microsoft Internet Explorer - Object Tag (MS03-020)
https://notcve.org/view.php?id=CVE-2003-0344
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page. Desbordamiento de búfer en Microsoft Internet Explorer 5.01, 5.5, y 6.0 permite que atacantes remotos ejecuten código arbitrario mediante un caracter "/" (barra inclinada) en la propiedad Type de un tag Object en una página web. • https://www.exploit-db.com/exploits/37 https://www.exploit-db.com/exploits/16581 https://www.exploit-db.com/exploits/22726 http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html http://marc.info/?l=bugtraq&m=105476381609135&w=2 http://secunia.com/advisories/8943 http://www.eeye.com/html/Research/Advisories/AD20030604.html http://www.kb.cert.org/vuls/id/679556 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020 https:/ •