CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0101
https://notcve.org/view.php?id=CVE-2002-0101
15 Mar 2002 — Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released. Microsoft Internet Explorer 6.0 y anteriores permiten a usuarios locales causar una negación de servicio vía bucle infinito para cuadros de diálogo sin modo (showModelessDialog), que causaran que el uso de CPU no se libere mientras el foco para el diálogo no es liberado. • http://marc.info/?l=bugtraq&m=101039104608083&w=2 •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2002-0025
https://notcve.org/view.php?id=CVE-2002-0025
08 Mar 2002 — Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document. Internet Explorer 5.01, 5.5 y 6.0 no maneja apropiadamente la cabecera HTML "Content-Type", lo que permite a atacantes remotos modificar qué aplicación es usada para procesar un documento. • http://online.securityfocus.com/archive/1/255767 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2002-0024
https://notcve.org/view.php?id=CVE-2002-0024
08 Mar 2002 — File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download. El cuadro de diálogo de descarga de ficheros en Internet Explorer 5.0, 5.5 y 6.0 permite a un atacante usar los campos de cabecera HTML "Content-Type" y "Content-Disposition" para modificar como el nombre del fichero es mostrado, lo que podría eng... • http://www.securityfocus.com/bid/4087 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2002-0026
https://notcve.org/view.php?id=CVE-2002-0026
08 Mar 2002 — Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made. Internet Explorer 5.5 y 6.0 permite a atacantes remotos sortear las restricciones para ejecutar scripts mediante un objeto que procesa eventos asíncronos despues de que las comprobaciones de seguridad iniciales han sido hechas. • http://www.securityfocus.com/bid/4082 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 2CVE-2002-0023 – Microsoft Internet Explorer 5/6 - GetObject File Disclosure
https://notcve.org/view.php?id=CVE-2002-0023
08 Mar 2002 — Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos leer ficheros arbitrarios mediante peticiones malformadas a la función GetObject(), lo que sortea algunas comprobaciones de seguridad de GetObject() • https://www.exploit-db.com/exploits/21195 •
CVSS: 7.5EPSS: 11%CPEs: 7EXPL: 0CVE-2002-0052
https://notcve.org/view.php?id=CVE-2002-0052
08 Mar 2002 — Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files. Internet Explorer 6.0 y anteriores no maneja adecuadamente VBScript en ciertas comprobaciones de seguridad de dominios, lo que permite a atacantes remotos leer ficheros arbitrarios. • http://securitytracker.com/id?1003630 •
CVSS: 8.8EPSS: 25%CPEs: 2EXPL: 0CVE-2002-0022
https://notcve.org/view.php?id=CVE-2002-0022
08 Mar 2002 — Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated. Desbordamiento de buffer en la implementación de una directiva HTML en mshml.dll en Internet Explorer 5.5 y 6.0 permite ejecutar código arbitrario mediante una página web que especifica controles ActiveX en una forma que causa que 2 cadenas ... • http://marc.info/?l=bugtraq&m=101362984930597&w=2 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2002-0027
https://notcve.org/view.php?id=CVE-2002-0027
08 Mar 2002 — Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874. Internet Explorer 5.5 y 6.0 permite a atacantes remotos leer ciertos ficheros y falsificar la URL en la barra de direcciones usando la función document.open() para pasar información entre dos marco... • http://www.osvdb.org/3031 •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2002-0077
https://notcve.org/view.php?id=CVE-2002-0077
13 Jan 2002 — Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability. Microsoft Internet Explorer 5.01, 5.5 y 6.0 trata objetos invocados en una página HTML con la propiedad 'codebase' como parte de la zona 'Ordenador Local', lo que permite a ataca... • http://marc.info/?l=bugtraq&m=101103188711920&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2001-1497
https://notcve.org/view.php?id=CVE-2001-1497
31 Dec 2001 — Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack. • http://www.iss.net/security_center/static/7592.php •