CVSS: 4.3EPSS: 2%CPEs: 2EXPL: 2CVE-2003-0446 – Microsoft Internet Explorer 5/6 - MSXML XML File Parsing Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0446
Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Internet Explorer 5.5 y 6.0, probablemente en un componente que también es utilizado por otros productos de Microsoft, permite a atacantes remotos la inserción de rutinas web arbitrarias mediante un fichero XML que contiene un error sintáctico, que inserta la rutina en el mensaje de error resultante. • https://www.exploit-db.com/exploits/22783 http://archives.neohapsis.com/archives/bugtraq/2003-06/0120.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005762.html http://marc.info/?l=bugtraq&m=105585986015421&w=2 http://marc.info/?l=bugtraq&m=105595990924165&w=2 http://marc.info/?l=ntbugtraq&m=105585001905002&w=2 http://secunia.com/advisories/9055 http://security.greymagic.com/adv/gm013-ie http://www.osvdb.org/3065 http://www.securityfocus.com&# •
CVSS: 5.1EPSS: 13%CPEs: 3EXPL: 2CVE-2003-0447 – Microsoft Internet Explorer 5 - Custom HTTP Error HTML Injection
https://notcve.org/view.php?id=CVE-2003-0447
The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated. La característica de errores HTTP personalizados en Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar script en la Zona Local mediante un argumento a shdocvw.dll que causa que se genere un enlace "javascript:" • https://www.exploit-db.com/exploits/22784 http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005763.html http://marc.info/?l=bugtraq&m=105585933614773&w=2 http://marc.info/?l=ntbugtraq&m=105585142406147&w=2 http://security.greymagic.com/adv/gm014-ie •
CVSS: 7.5EPSS: 95%CPEs: 4EXPL: 3CVE-2003-0344 – Microsoft Internet Explorer - Object Tag (MS03-020)
https://notcve.org/view.php?id=CVE-2003-0344
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page. Desbordamiento de búfer en Microsoft Internet Explorer 5.01, 5.5, y 6.0 permite que atacantes remotos ejecuten código arbitrario mediante un caracter "/" (barra inclinada) en la propiedad Type de un tag Object en una página web. • https://www.exploit-db.com/exploits/37 https://www.exploit-db.com/exploits/16581 https://www.exploit-db.com/exploits/22726 http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html http://marc.info/?l=bugtraq&m=105476381609135&w=2 http://secunia.com/advisories/8943 http://www.eeye.com/html/Research/Advisories/AD20030604.html http://www.kb.cert.org/vuls/id/679556 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020 https:/ •
CVSS: 5.0EPSS: 9%CPEs: 3EXPL: 0CVE-2002-1564
https://notcve.org/view.php?id=CVE-2002-1564
Internet Explorer 5.5 and 6.0 allows remote attackers to steal potentially sensitive information from cookies via a cookie that contains script which is executed when a page is loaded, aka the "Script within Cookies Reading Cookies" vulnerability. Internet Explorer 5.5 y 6.0 permiten que atacantes remotos roben información (potencialmente confidencial) mediante cookies que contienen script que se ejecuta cuando se carga una página (también conocida como vulnerabilidad de "Script dentro de cookies que lee otras cookies" • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2003-0309 – Microsoft Internet Explorer 5/6 - 'file://' Request Zone Bypass
https://notcve.org/view.php?id=CVE-2003-0309
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability." Internet Explorer 6.0.2800 permite que atacantes remotos se salten las restricciones de la zona de seguridad y ejecuten código arbitrario mediante un documento web con un elevado número de file:// u otras peticiones que apunten al programa, lo que ocasionalmente provoca que el Internet Explorer ejecute el programa, como se ha demostrado usando un elevado número de tags FRAME o IFRAME. • https://www.exploit-db.com/exploits/22575 http://marc.info/?l=bugtraq&m=105249399103214&w=2 http://marc.info/?l=bugtraq&m=105294081325040&w=2 http://marc.info/?l=ntbugtraq&m=105294162726096&w=2 http://secunia.com/advisories/8807 http://www.kb.cert.org/vuls/id/251788 http://www.securityfocus.com/bid/7539 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020 https://exchange.xforce.ibmcloud.com/vulnerabilities/12019 https://oval.cisecurity. •