CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 0CVE-2002-0025
https://notcve.org/view.php?id=CVE-2002-0025
Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document. Internet Explorer 5.01, 5.5 y 6.0 no maneja apropiadamente la cabecera HTML "Content-Type", lo que permite a atacantes remotos modificar qué aplicación es usada para procesar un documento. • http://online.securityfocus.com/archive/1/255767 http://www.securityfocus.com/bid/4085 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://exchange.xforce.ibmcloud.com/vulnerabilities/8118 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2002-0024
https://notcve.org/view.php?id=CVE-2002-0024
File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download. El cuadro de diálogo de descarga de ficheros en Internet Explorer 5.0, 5.5 y 6.0 permite a un atacante usar los campos de cabecera HTML "Content-Type" y "Content-Disposition" para modificar como el nombre del fichero es mostrado, lo que podría engañar a un usuario para que piense que es seguro descargar el fichero. • http://www.securityfocus.com/bid/4087 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 •
CVSS: 5.0EPSS: 14%CPEs: 7EXPL: 0CVE-2002-0052
https://notcve.org/view.php?id=CVE-2002-0052
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files. Internet Explorer 6.0 y anteriores no maneja adecuadamente VBScript en ciertas comprobaciones de seguridad de dominios, lo que permite a atacantes remotos leer ficheros arbitrarios. • http://securitytracker.com/id?1003630 http://www.osvdb.org/763 http://www.securityfocus.com/bid/4158 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-009 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2002-0027
https://notcve.org/view.php?id=CVE-2002-0027
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874. Internet Explorer 5.5 y 6.0 permite a atacantes remotos leer ciertos ficheros y falsificar la URL en la barra de direcciones usando la función document.open() para pasar información entre dos marcos de distintos dominios. Es una nueva variante de la vulnerabilidad "Verificación de dominio de marco", descrita en Microsoft Security Bulletin MS01-058 / CAN-2001-0847. • http://www.osvdb.org/3031 http://www.securityfocus.com/archive/1/246522 http://www.securityfocus.com/bid/3721 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A974 •
CVSS: 5.0EPSS: 2%CPEs: 9EXPL: 0CVE-2002-0057
https://notcve.org/view.php?id=CVE-2002-0057
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. El control XMLHTTP en Microsoft XML Core Services 2.6 y versiones posteriores no manejan adecuadamente el establecimiento de valores de la Zona de Seguridad del IE, lo cual permite a atacantes remotos la lectura arbitraria de ficheros especificando un fichero local como una fuente de datos XML. • http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html http://marc.info/?l=bugtraq&m=101366383408821&w=2 http://www.osvdb.org/3032 http://www.securityfocus.com/bid/3699 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-008 https://exchange.xforce.ibmcloud.com/vulnerabilities/7712 •