CVSS: 5.0EPSS: 94%CPEs: 3EXPL: 1CVE-2004-1376
https://notcve.org/view.php?id=CVE-2004-1376
Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. • http://marc.info/?l=bugtraq&m=110461358930103&w=2 http://secunia.com/advisories/13704 http://www.7a69ezine.org/node/view/176 •
CVSS: 7.5EPSS: 56%CPEs: 18EXPL: 1CVE-2004-1155
https://notcve.org/view.php?id=CVE-2004-1155
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 http://secunia.com/advisories/22628 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.securityfocus.com/archive/1/449917/100/0/threaded http://www.securityfocus.com/bid/11855 •
CVSS: 10.0EPSS: 7%CPEs: 22EXPL: 0CVE-2004-0978
https://notcve.org/view.php?id=CVE-2004-0978
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. • http://marc.info/?l=bugtraq&m=110616221411579&w=2 http://www.kb.cert.org/vuls/id/673134 http://www.ngssoftware.com/advisories/heartbeatfull.txt http://www.securityfocus.com/bid/11367 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17714 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 87%CPEs: 3EXPL: 0CVE-2004-0216
https://notcve.org/view.php?id=CVE-2004-0216
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow. Desbordamiento de búfer en el Motor de Instalación (inseng.dll) de Internet Explorer 5.01, 5.5 y 6 permite a atacantes remotos ejecutar código de su elección mediante un sitio web maliciosos o correo electrónico HTML. • http://marc.info/?l=bugtraq&m=109760693512754&w=2 http://marc.info/?l=bugtraq&m=110616383332055&w=2 http://marc.info/?l=ntbugtraq&m=110619893620517&w=2 http://www.kb.cert.org/vuls/id/637760 http://www.ngssoftware.com/advisories/msinsengfull.txt http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17620 https://exchange.xforce.ibmcloud.com/ •
CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 0CVE-2004-0843
https://notcve.org/view.php?id=CVE-2004-0843
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability." Internet Explorer 5.5 y 6 no manejan adecuadamente la navegación con complementos (plug-in), lo que permite a atacantes remotos alterar la barra de navegación mostrada y suplantar páginas web, facilitando ataques de "phising", también conocida como "Vulnerabilidad de suplantación de la barra de direcciónes en navegación en complemento". • http://www.kb.cert.org/vuls/id/625616 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17651 https://exchange.xforce.ibmcloud.com/vulnerabilities/17655 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537 https://oval.cisecurity.org&#x •