CVE-2003-0113 – Microsoft Internet Explorer 5 - Remote 'URLMON.dll' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0113
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields. Desbordamiento de búfer en URLMON.DLL en Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar código arbitrario mediante una respuesta HTTP conteniendo valores largos en ciertos campos de cabecera. • https://www.exploit-db.com/exploits/22530 http://marc.info/?l=bugtraq&m=105138417416900&w=2 http://marc.info/?l=bugtraq&m=105718285107246&w=2 http://www.kb.cert.org/vuls/id/169753 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926 •
CVE-2003-1328 – Microsoft Internet Explorer 5 - ShowHelp Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2003-1328
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality." La función showHelp() en Microsoft Internet Explorer 5.5 y 6.0 soporta ciertos tipos de protocolos enchufables (añadibles) qeu permiten a atacantes remotos evitar el modelo de seguridad de cruce de dominios y ejecutar código arbitrario. También conocida como "Validación de Seguridad entre dominios con funcionalidad showHelp" • https://www.exploit-db.com/exploits/22226 http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html http://www.ciac.org/ciac/bulletins/n-038.shtml http://www.iss.net/security_center/static/11259.php http://www.kb.cert.org/vuls/id/400577 http://www.securityfocus.com/bid/6780 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57 •
CVE-2003-1326
https://notcve.org/view.php?id=CVE-2003-1326
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box." Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos evitar el modelo de seguridad entre dominios (cros-domain) para correr script malicioso o programas arbitrarios mediante cuadros de díálogo. También conocida como "Validacíon de Seguridad Entre Dominios inapropiada con cuadro de diálogo". • http://www.ciac.org/ciac/bulletins/n-038.shtml http://www.iss.net/security_center/static/11258.php http://www.securityfocus.com/bid/6779 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49 •
CVE-2002-2311
https://notcve.org/view.php?id=CVE-2002-2311
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue. • http://online.securityfocus.com/archive/1/283866 http://online.securityfocus.com/archive/1/284068 http://www.iss.net/security_center/static/9653.php http://www.securityfocus.com/bid/5290 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2002-1705 – Microsoft Internet Explorer 5/6 - CSSText Bold Font Denial of Service
https://notcve.org/view.php?id=CVE-2002-1705
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight. • https://www.exploit-db.com/exploits/21556 http://online.securityfocus.com/archive/1/277133 http://online.securityfocus.com/archive/1/277140/2002-12-07/2002-12-13/2 http://www.securityfocus.com/bid/5027 https://exchange.xforce.ibmcloud.com/vulnerabilities/9367 •