CVE-2005-2830
https://notcve.org/view.php?id=CVE-2005-2830
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." Microsoft Interntet Explorer 5.01, 5.5 y 6, cuando usan un servidor proxy HTTPS que requiere autenticación básica, envía la URL en texto claro, lo que permite a atacantes remotos obtener información sensible, tcc "Vulnerabilidad proxy HTTPS" • http://secunia.com/advisories/15368 http://secunia.com/advisories/18064 http://secunia.com/advisories/18311 http://securitytracker.com/id?1015350 http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf http://www.securityfocus.com/bid/15825 http://www.vupen.com/english/advisories/2005/2867 http://www.vupen.com/english/advisories/2005/2909 http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 https://docs.microsoft.com/en-us/security- •
CVE-2005-2831
https://notcve.org/view.php?id=CVE-2005-2831
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes remotos causar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código de su elección mediante una página web con CLSIDs incrustados que hacen referencia ciertos objetos COM que no están pensados para ser usados con con Internet Explorer, tcc una variante de la "Vulnerabilidad de Corrupción de Memoria por Instanciamiento de Objeto COM", una vulnerabilidad diferente de CVE-2005-2127. • http://secunia.com/advisories/15368 http://secunia.com/advisories/18064 http://secunia.com/advisories/18311 http://securitytracker.com/id?1015348 http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf http://www.kb.cert.org/vuls/id/959049 http://www.osvdb.org/21763 http://www.securityfocus.com/bid/15827 http://www.us-cert.gov/cas/techalerts/TA05-347A.html http://www.vupen.com/english/advisories/2005/2867 http://www.vupen.com/english/advisories/2005/2909 •
CVE-2005-2829
https://notcve.org/view.php?id=CVE-2005-2829
Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability." Múltiples errores de diseño en Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes con la intervención del usuario ejecutar código de su elección mediante (1) superponiendo y ventana nueva maliciosa a un cuadro de descarga de fichero, y entonces (2) usando un atajo de teclado y demorando la visualización del cuadro de descarga de ficheros hasta que el usuario pulsa un acceso directo que activa el botón "Ejecutar", tcc "Vulnerabilidad de Manipulación de Cuadro de Descarga de Fichero". • http://marc.info/?l=full-disclosure&m=113450519906463&w=2 http://secunia.com/advisories/15368 http://secunia.com/advisories/18064 http://secunia.com/advisories/18311 http://secunia.com/secunia_research/2005-21/advisory http://secunia.com/secunia_research/2005-7/advisory http://securityreason.com/securityalert/254 http://securitytracker.com/id?1015349 http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf http://www.securityfocus.com/archive/1/419395/100/0/threaded http: •
CVE-2005-2087 – Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow
https://notcve.org/view.php?id=CVE-2005-2087
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem. • https://www.exploit-db.com/exploits/1079 http://marc.info/?l=bugtraq&m=112006764714946&w=2 http://secunia.com/advisories/15891 http://securitytracker.com/id?1014329 http://www.auscert.org.au/render.html?it=5225 http://www.kb.cert.org/vuls/id/939605 http://www.kb.cert.org/vuls/id/959049 http://www.microsoft.com/technet/security/advisory/903144.mspx http://www.osvdb.org/17680 http://www.securityfocus.com/archive/1/404055 http://www.securityfocus.com/bid/ • CWE-399: Resource Management Errors •
CVE-2005-0554 – Microsoft Internet Explorer - DHTML Object Handling (MS05-020)
https://notcve.org/view.php?id=CVE-2005-0554
Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability." • https://www.exploit-db.com/exploits/931 http://secunia.com/advisories/14922 http://www.idefense.com/application/poi/display?id=229&type=vulnerabilities http://www.kb.cert.org/vuls/id/756122 http://www.us-cert.gov/cas/techalerts/TA05-102A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1196 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre. •