CVSS: 5.0EPSS: 21%CPEs: 7EXPL: 1CVE-2002-0648 – Microsoft Internet Explorer 5/6 - XML Redirect File Disclosure
https://notcve.org/view.php?id=CVE-2002-0648
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file. La capacidad de isla de datos <script> (legacy - legado - para compatibilidad con anteriores versiones) en XML en Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos leer ficheros XML de su elección, y parte de otros ficheros, mediante una URL cuyo atributo "src" redirige a un fichero local. • https://www.exploit-db.com/exploits/21749 http://marc.info/?l=bugtraq&m=103011639524314&w=2 http://www.iss.net/security_center/static/9936.php http://www.securityfocus.com/bid/5560 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1026 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1148 https://oval.cisecurity.org/repository/search/ •
CVSS: 7.5EPSS: 6%CPEs: 7EXPL: 0CVE-2002-0722
https://notcve.org/view.php?id=CVE-2002-0722
Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing." • http://marc.info/?l=bugtraq&m=103054692223380&w=2 http://www.iss.net/security_center/static/9937.php http://www.osvdb.org/5129 http://www.securityfocus.com/bid/5559 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047 •
CVSS: 7.5EPSS: 27%CPEs: 4EXPL: 1CVE-2002-0723 – Microsoft Internet Explorer 5/6 - OBJECT Tag Same Origin Policy Violation
https://notcve.org/view.php?id=CVE-2002-0723
Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag." • https://www.exploit-db.com/exploits/21606 http://www.iss.net/security_center/static/9537.php http://www.securityfocus.com/bid/5196 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047 •
CVSS: 6.4EPSS: 94%CPEs: 11EXPL: 1CVE-2002-0976 – Microsoft Internet Explorer 4/5/6 - XML Datasource Applet File Disclosure
https://notcve.org/view.php?id=CVE-2002-0976
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet. • https://www.exploit-db.com/exploits/21721 http://marc.info/?l=bugtraq&m=102960731805373&w=2 http://www.iss.net/security_center/static/9885.php http://www.securityfocus.com/bid/5490 •
CVSS: 7.5EPSS: 74%CPEs: 4EXPL: 1CVE-2002-0980 – Microsoft Outlook Express 5/6 - MHTML URL Handler File Rendering
https://notcve.org/view.php?id=CVE-2002-0980
The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL. El componente de Carpetas Web en Internet Explorer 5.5 y 6.0 escribe un mensaje de error en una localización conocida en una carpeta temporal, lo que permite a atacantes remotos ejecutar código arbitrario inyectándolo en el mensaje de error, y refiriendose al mensaje de error mediante una URL mhtml: • https://www.exploit-db.com/exploits/21711 http://marc.info/?l=bugtraq&m=102942234427691&w=2 http://marc.info/?l=ntbugtraq&m=102937705527922&w=2 http://marc.info/?l=vuln-dev&m=102943486811091&w=2 http://www.iss.net/security_center/static/9881.php http://www.securityfocus.com/bid/5473 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-014 •