CVSS: 7.5EPSS: 87%CPEs: 35EXPL: 2CVE-2005-0053 – Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code (MS04-038)
https://notcve.org/view.php?id=CVE-2005-0053
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." Internet Explorer 5.01, 5.5 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante eventos de arrastrar y soltar, también conocidos como "Vulnerabilidad de arrastrar y soltar". • https://www.exploit-db.com/exploits/24693 http://www.kb.cert.org/vuls/id/698835 http://www.securityfocus.com/bid/11466 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 https://exchange.xforce.ibmcloud.com/vulnerabilities/19117 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015 https&# •
CVSS: 7.5EPSS: 95%CPEs: 11EXPL: 0CVE-2005-0055
https://notcve.org/view.php?id=CVE-2005-0055
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability." • http://secunia.com/advisories/11165 http://secunia.com/secunia_research/2004-12/advisory http://securitytracker.com/id?1013125 http://www.kb.cert.org/vuls/id/843771 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 https://exchange.xforce.ibmcloud.com/vulnerabilities/19137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1005 https://oval.cisecurity.org/repository/sea •
CVSS: 2.6EPSS: 59%CPEs: 4EXPL: 3CVE-2004-2219
https://notcve.org/view.php?id=CVE-2004-2219
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. • http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html http://secunia.com/advisories/12304 http://securitytracker.com/id?1010957 http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt http://www.osvdb.org/8978 https://exchange.xforce.ibmcloud.com/vulnerabilities/17007 •
CVSS: 5.1EPSS: 81%CPEs: 5EXPL: 2CVE-2004-2383 – Microsoft Internet Explorer 5/6 - Cross-Domain Event Leakage
https://notcve.org/view.php?id=CVE-2004-2383
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE. • https://www.exploit-db.com/exploits/23766 http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities&flashstatus=false http://www.securityfocus.com/bid/9761 https://exchange.xforce.ibmcloud.com/vulnerabilities/15337 •
CVSS: 7.5EPSS: 4%CPEs: 6EXPL: 3CVE-2004-2291 – Microsoft Internet Explorer - Remote Application.Shell
https://notcve.org/view.php?id=CVE-2004-2291
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script. • https://www.exploit-db.com/exploits/310 http://www.securityfocus.com/archive/1/348688 http://www.securityfocus.com/bid/9335 •