CVSS: 7.5EPSS: 94%CPEs: 9EXPL: 2CVE-2003-0809 – Microsoft Internet Explorer 5 - XML Page Object Type Validation (MS03-040)
https://notcve.org/view.php?id=CVE-2003-0809
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page. Internet Explorer 5.01 a 6.0 no maneja adecuadamente etiquetas "object" devueltas por un servidor Web durante un una asociación de datos XML, lo que permite a atacantes remotos ejecutar código arbitrario mediante un correo electrónico HTML o una página web. • https://www.exploit-db.com/exploits/23122 http://www.osvdb.org/7887 http://www.securityfocus.com/bid/8565 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040 https://exchange.xforce.ibmcloud.com/vulnerabilities/13300 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123 •
CVSS: 7.5EPSS: 95%CPEs: 9EXPL: 1CVE-2003-0838 – Microsoft Internet Explorer 5/6 - Browser Popup Window Object Type Validation
https://notcve.org/view.php?id=CVE-2003-0838
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe). Internet Explorer permite a atacantes remotos saltarse restricciones de zona para inyectar y ejecutar programas arbitrarios creando una ventana emergente e insertando un objeto ActiveX con una etiqueta "data" apuntando al código maliciosos, que Internet Explorer trata como HTML o JavaScript, pero luego ejecuta como una aplicación .HTA; una vulnerabilidad diferente de CAN-2003-0532, y explotada por el virus QHosts. • https://www.exploit-db.com/exploits/23114 http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html http://marc.info/?l=bugtraq&m=106304733121753&w=2 http://marc.info/?l=bugtraq&m=106304876523459&w=2 http://marc.info/?l=ntbugtraq&m=106302799428500&w=2 http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0310&L=ntbugtraq&F=P&S=&P=2169 http://www.osvdb.org/7872 http: •
CVSS: 7.5EPSS: 10%CPEs: 8EXPL: 0CVE-2003-0530
https://notcve.org/view.php?id=CVE-2003-0530
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code. Desbordamiento de búfer en el control ActiveX BR549.DLL de Internet Explorer 5.01 SP3 a 6.0 SP1 permite a atacantes remotos ejecutar código arbitrario. • http://secunia.com/advisories/9580 http://securitytracker.com/id?1007538 http://www.cert.org/advisories/CA-2003-22.html http://www.kb.cert.org/vuls/id/548964 http://www.securityfocus.com/bid/8454 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 https://exchange.xforce.ibmcloud.com/vulnerabilities/12962 •
CVSS: 7.5EPSS: 13%CPEs: 9EXPL: 0CVE-2003-0531
https://notcve.org/view.php?id=CVE-2003-0531
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability. Internet Explorer 5.01 SP3 a 6.0 SP1 permite a atacantes remotos acceder a y ejecutar script en el dominio "Mi PC" usando la caché del navegador; también llamada vulnerabilidad "Ejecución de scritp en el navegador en la zona Mi PC". • http://secunia.com/advisories/9580 http://www.cert.org/advisories/CA-2003-22.html http://www.kb.cert.org/vuls/id/205148 http://www.lac.co.jp/security/english/snsadv_e/67_e.html http://www.securityfocus.com/bid/8457 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 https://exchange.xforce.ibmcloud.com/vulnerabilities/12961 •
CVSS: 7.5EPSS: 28%CPEs: 9EXPL: 1CVE-2003-0532
https://notcve.org/view.php?id=CVE-2003-0532
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability. Internet Explorer 5.01 SP3 a 6.0 SP1 no determina adecuadamente tipos de objetos devueltos por los servidores web, lo que podría permitir a atacantes remotos ejecutar código arbitrario mediante una etiqueta "object" con un parámetro de datos a un fichero malicioso almacenado en un servidor que devuelve un "Content-Type" inseguro; también llamada vulnerabilidad de "Tipo de Objeto". • http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html http://marc.info/?l=bugtraq&m=106149026621753&w=2 http://www.eeye.com/html/Research/Advisories/AD20030820.html http://www.kb.cert.org/vuls/id/865940 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 •