CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 2CVE-2002-0023 – Microsoft Internet Explorer 5/6 - GetObject File Disclosure
https://notcve.org/view.php?id=CVE-2002-0023
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos leer ficheros arbitrarios mediante peticiones malformadas a la función GetObject(), lo que sortea algunas comprobaciones de seguridad de GetObject() • https://www.exploit-db.com/exploits/21195 http://archives.neohapsis.com/archives/bugtraq/2002-01/0000.html http://www.osvdb.org/3030 http://www.securityfocus.com/bid/3767 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://exchange.xforce.ibmcloud.com/vulnerabilities/7758 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A40 https:&#x •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2002-0026
https://notcve.org/view.php?id=CVE-2002-0026
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made. Internet Explorer 5.5 y 6.0 permite a atacantes remotos sortear las restricciones para ejecutar scripts mediante un objeto que procesa eventos asíncronos despues de que las comprobaciones de seguridad iniciales han sido hechas. • http://www.securityfocus.com/bid/4082 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A23 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A32 •
CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 0CVE-2002-0025
https://notcve.org/view.php?id=CVE-2002-0025
Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document. Internet Explorer 5.01, 5.5 y 6.0 no maneja apropiadamente la cabecera HTML "Content-Type", lo que permite a atacantes remotos modificar qué aplicación es usada para procesar un documento. • http://online.securityfocus.com/archive/1/255767 http://www.securityfocus.com/bid/4085 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://exchange.xforce.ibmcloud.com/vulnerabilities/8118 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2002-0024
https://notcve.org/view.php?id=CVE-2002-0024
File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download. El cuadro de diálogo de descarga de ficheros en Internet Explorer 5.0, 5.5 y 6.0 permite a un atacante usar los campos de cabecera HTML "Content-Type" y "Content-Disposition" para modificar como el nombre del fichero es mostrado, lo que podría engañar a un usuario para que piense que es seguro descargar el fichero. • http://www.securityfocus.com/bid/4087 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 •
CVSS: 5.0EPSS: 14%CPEs: 7EXPL: 0CVE-2002-0052
https://notcve.org/view.php?id=CVE-2002-0052
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files. Internet Explorer 6.0 y anteriores no maneja adecuadamente VBScript en ciertas comprobaciones de seguridad de dominios, lo que permite a atacantes remotos leer ficheros arbitrarios. • http://securitytracker.com/id?1003630 http://www.osvdb.org/763 http://www.securityfocus.com/bid/4158 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-009 •