CVSS: 9.8EPSS: 12%CPEs: 6EXPL: 3CVE-2004-2291 – Microsoft Internet Explorer - Remote Application.Shell
https://notcve.org/view.php?id=CVE-2004-2291
31 Dec 2004 — Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script. • https://www.exploit-db.com/exploits/310 •
CVSS: 4.3EPSS: 29%CPEs: 4EXPL: 3CVE-2004-2219
https://notcve.org/view.php?id=CVE-2004-2219
31 Dec 2004 — Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. • http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html •
CVSS: 7.5EPSS: 87%CPEs: 3EXPL: 1CVE-2004-1376
https://notcve.org/view.php?id=CVE-2004-1376
30 Dec 2004 — Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. • http://marc.info/?l=bugtraq&m=110461358930103&w=2 •
CVSS: 7.5EPSS: 33%CPEs: 18EXPL: 1CVE-2004-1155
https://notcve.org/view.php?id=CVE-2004-1155
10 Dec 2004 — Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 •
CVSS: 10.0EPSS: 26%CPEs: 22EXPL: 0CVE-2004-0978
https://notcve.org/view.php?id=CVE-2004-0978
21 Oct 2004 — Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. • http://marc.info/?l=bugtraq&m=110616221411579&w=2 • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 93%CPEs: 16EXPL: 3CVE-2004-0841 – Microsoft Internet Explorer 5.0.1 - Popup.show Mouse Event Hijacking
https://notcve.org/view.php?id=CVE-2004-0841
14 Sep 2004 — Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." Internet Explorer 6.x permite a atacantes remotos instalar programas de su elección mediante eventos mousedown que llaman al método Popup.show y usan acciones "arrastrar y soltar" en una ventana emergente, también conocida como "HijackClick 3" y la "Vulne... • https://www.exploit-db.com/exploits/24266 •
CVSS: 8.1EPSS: 95%CPEs: 16EXPL: 3CVE-2004-0842 – Microsoft Internet Explorer 5.0.1 - Style Tag Comment Memory Corruption
https://notcve.org/view.php?id=CVE-2004-0842
14 Sep 2004 — Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "