CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2003-0817
https://notcve.org/view.php?id=CVE-2003-0817
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. Internet Explorer 5.01 hasta la 6 SP1 permite que atacantes remotos se salten restricciones de seguirdad y lean ficheros arbitrarios mediante objetos XML. • http://secunia.com/advisories/10192 http://www.securityfocus.com/bid/9012 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 2CVE-2003-0816 – Microsoft Internet Explorer 5 - window.open Search Pane Cross-Zone Scripting
https://notcve.org/view.php?id=CVE-2003-0816
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. Internet Explorer 6 SP1 y anteriores permite que atacantes remotos se salten restricciones de seguridad mediante: (1) uso del método NavigateAndFind para descargar un fichero, (2) uso del método window.open para cargar un fichero, (3) fijando la propriedad href en el tag base para la ventana _search, (4) cargando la venta de búsqueda en un Iframe, (5) capturando una URL de javascript en el histórico del navegador. • https://www.exploit-db.com/exploits/23790 https://www.exploit-db.com/exploits/23131 http://marc.info/?l=bugtraq&m=106321638416884&w=2 http://marc.info/?l=bugtraq&m=106321693517858&w=2 http://marc.info/?l=bugtraq&m=106321781819727&w=2 http://marc.info/?l=bugtraq&m=106321882821788&w=2 http://marc.info/? •
CVSS: 7.5EPSS: 4%CPEs: 9EXPL: 0CVE-2003-0823
https://notcve.org/view.php?id=CVE-2003-0823
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. Internet Explorer 6SP! y anteriores permite que atacantes remotos redirijan los comportamientos de copias/pegar y otras acciones del ratón a otras ventenas, mediante llamada al método window.moveBy. También se la conoce como vulnerabilidad HijackClick • http://marc.info/?l=bugtraq&m=106322197932006&w=2 http://secunia.com/advisories/10192 http://www.kb.cert.org/vuls/id/413886 http://www.securityfocus.com/archive/1/337086 http://www.securitytracker.com/id?1006036 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369 https://ova •
CVSS: 10.0EPSS: 16%CPEs: 10EXPL: 0CVE-2003-1027
https://notcve.org/view.php?id=CVE-2003-1027
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." Internet Explorer 6 SP1 permite a atacantes remotos enviar acciones de arrastrar y soltar y otras acciones con el ratón a otras ventanas usando cacheado de métodos (SaveRef) para acceder al método window.moveBy, que es de otra manera inaccesible, como se demostró por HijackClickV2. • http://marc.info/?l=bugtraq&m=106979479719446&w=2 http://marc.info/?l=bugtraq&m=107038202225587&w=2 http://www.kb.cert.org/vuls/id/413886 http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2 http://www.securitytracker.com/id?1006036 http://www.us-cert.gov/cas/techalerts/TA04-033A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 https://exchange.xforce.ibmcloud.com/vulnerabilities/13844 https://oval.cisecurity.org/repository/search/definition/ •
CVSS: 9.3EPSS: 1%CPEs: 10EXPL: 1CVE-2003-1026 – Microsoft Internet Explorer - URL Injection in History List (MS04-004)
https://notcve.org/view.php?id=CVE-2003-1026
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." Internet Explorer SP1 permite a atacantes remotos evitar restricciones de zonas mediante una URL de protocolo JavaScript en un sub-marco, que es añadido al historial de páginas visitadas y es ejecutado en la zona de seguridad de la ventana principal cuando se usa el método JavaScritp "history.back" (mostrar página anterior), como se demostró por BackToFramedJpu. • https://www.exploit-db.com/exploits/151 http://marc.info/?l=bugtraq&m=106979349517578&w=2 http://marc.info/?l=bugtraq&m=107038202225587&w=2 http://www.kb.cert.org/vuls/id/784102 http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu http://www.us-cert.gov/cas/techalerts/TA04-033A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 https://exchange.xforce.ibmcloud.com/vulnerabilities/13846 https://oval.cisecurity.org/repository/search/definition • CWE-264: Permissions, Privileges, and Access Controls •