CVSS: 9.8EPSS: 69%CPEs: 35EXPL: 2CVE-2005-0053 – Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code (MS04-038)
https://notcve.org/view.php?id=CVE-2005-0053
08 Feb 2005 — Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." Internet Explorer 5.01, 5.5 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante eventos de arrastrar y soltar, también conocidos como "Vulnerabilidad de arrastrar y soltar". • https://www.exploit-db.com/exploits/24693 •
CVSS: 8.1EPSS: 38%CPEs: 3EXPL: 0CVE-2005-0054
https://notcve.org/view.php?id=CVE-2005-0054
08 Feb 2005 — Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability." • http://marc.info/?l=bugtraq&m=110796851002781&w=2 •
CVSS: 9.8EPSS: 44%CPEs: 11EXPL: 0CVE-2005-0055
https://notcve.org/view.php?id=CVE-2005-0055
08 Feb 2005 — Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability." • http://secunia.com/advisories/11165 •
CVSS: 8.1EPSS: 32%CPEs: 3EXPL: 1CVE-2005-0056
https://notcve.org/view.php?id=CVE-2005-0056
08 Feb 2005 — Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." • http://securitytracker.com/id?1013126 •
CVSS: 4.3EPSS: 24%CPEs: 4EXPL: 3CVE-2004-2219
https://notcve.org/view.php?id=CVE-2004-2219
31 Dec 2004 — Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. • http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html •
CVSS: 7.5EPSS: 12%CPEs: 3EXPL: 1CVE-2004-1376
https://notcve.org/view.php?id=CVE-2004-1376
30 Dec 2004 — Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. • http://marc.info/?l=bugtraq&m=110461358930103&w=2 •
CVSS: 7.5EPSS: 19%CPEs: 18EXPL: 1CVE-2004-1155
https://notcve.org/view.php?id=CVE-2004-1155
10 Dec 2004 — Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 •
CVSS: 10.0EPSS: 49%CPEs: 22EXPL: 0CVE-2004-0978
https://notcve.org/view.php?id=CVE-2004-0978
21 Oct 2004 — Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. • http://marc.info/?l=bugtraq&m=110616221411579&w=2 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 40%CPEs: 3EXPL: 0CVE-2004-0845
https://notcve.org/view.php?id=CVE-2004-0845
16 Oct 2004 — Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. Internet Explorer 5.01, 5.5, y 6 no hace caché adecuadamente de contenido SSL, lo que permite a atacantes remotos obtener información o suplantar contenido mediante un sitio web con el mismo nombre de máquina como el sitio web obje... • http://marc.info/?l=bugtraq&m=109770364504803&w=2 •
CVSS: 10.0EPSS: 48%CPEs: 3EXPL: 0CVE-2004-0216
https://notcve.org/view.php?id=CVE-2004-0216
16 Oct 2004 — Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow. Desbordamiento de búfer en el Motor de Instalación (inseng.dll) de Internet Explorer 5.01, 5.5 y 6 permite a atacantes remotos ejecutar código de su elección mediante un sitio web maliciosos o ... • http://marc.info/?l=bugtraq&m=109760693512754&w=2 •