CVSS: 7.5EPSS: 10%CPEs: 10EXPL: 0CVE-2005-3240
https://notcve.org/view.php?id=CVE-2005-3240
31 Dec 2005 — Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. • http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 20%CPEs: 4EXPL: 0CVE-2005-2829
https://notcve.org/view.php?id=CVE-2005-2829
14 Dec 2005 — Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability." Múltiples errores de diseño en Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes con la interven... • http://marc.info/?l=full-disclosure&m=113450519906463&w=2 •
CVSS: 5.9EPSS: 56%CPEs: 4EXPL: 0CVE-2005-2830
https://notcve.org/view.php?id=CVE-2005-2830
14 Dec 2005 — Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." Microsoft Interntet Explorer 5.01, 5.5 y 6, cuando usan un servidor proxy HTTPS que requiere autenticación básica, envía la URL en texto claro, lo que permite a atacantes remotos obtener información sensible, tcc "Vulnerabilidad proxy HTTPS" • http://secunia.com/advisories/15368 •
CVSS: 8.8EPSS: 65%CPEs: 11EXPL: 0CVE-2005-2831
https://notcve.org/view.php?id=CVE-2005-2831
14 Dec 2005 — Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes remotos causar una denegación de servicio... • http://secunia.com/advisories/15368 •
CVSS: 8.8EPSS: 83%CPEs: 3EXPL: 2CVE-2005-1988 – Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-1988
10 Aug 2005 — Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability". • https://www.exploit-db.com/exploits/25991 •
CVSS: 7.5EPSS: 62%CPEs: 3EXPL: 1CVE-2005-1989 – Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote (MS05-038)
https://notcve.org/view.php?id=CVE-2005-1989
10 Aug 2005 — Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability". • https://www.exploit-db.com/exploits/1144 •
CVSS: 7.8EPSS: 82%CPEs: 3EXPL: 1CVE-2005-1990 – Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote (MS05-038)
https://notcve.org/view.php?id=CVE-2005-1990
10 Aug 2005 — Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcat... • https://www.exploit-db.com/exploits/1144 •
CVSS: 8.8EPSS: 65%CPEs: 11EXPL: 1CVE-2005-2087 – Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow
https://notcve.org/view.php?id=CVE-2005-2087
30 Jun 2005 — Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem. • https://www.exploit-db.com/exploits/1079 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 73%CPEs: 5EXPL: 1CVE-2005-0553 – Microsoft Internet Explorer 5.0.1 - DHTML Object Race Condition Memory Corruption
https://notcve.org/view.php?id=CVE-2005-0553
13 Apr 2005 — Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability". • https://www.exploit-db.com/exploits/25386 •
CVSS: 8.8EPSS: 71%CPEs: 3EXPL: 1CVE-2005-0554 – Microsoft Internet Explorer - DHTML Object Handling (MS05-020)
https://notcve.org/view.php?id=CVE-2005-0554
13 Apr 2005 — Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability." • https://www.exploit-db.com/exploits/931 •