CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2003-1028
https://notcve.org/view.php?id=CVE-2003-1028
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008. La función de descarga de Internet Explorer 6 SP1 permite a atacantes remotos obtener el nombre de directorio de caché mediante una respuesta HTTP con un ContentType inválido y un fichero .html, lo que podría permitir a atacantes remotos saltarse mecanismos de seguridad que se basan en nombres aleatorios, como se demostró por threadid10008. • http://marc.info/?l=bugtraq&m=106979428718705&w=2 http://marc.info/?l=bugtraq&m=106979624321665&w=2 http://marc.info/?l=bugtraq&m=107038202225587&w=2 http://www.osvdb.org/7890 http://www.safecenter.net/UMBRELLAWEBV4/threadid10008 https://exchange.xforce.ibmcloud.com/vulnerabilities/13847 •
CVSS: 2.6EPSS: 1%CPEs: 4EXPL: 0CVE-2003-1105
https://notcve.org/view.php?id=CVE-2003-1105
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered. • http://www.kb.cert.org/vuls/id/813208 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 https://exchange.xforce.ibmcloud.com/vulnerabilities/13029 •
CVSS: 5.0EPSS: 2%CPEs: 4EXPL: 0CVE-2003-1559
https://notcve.org/view.php?id=CVE-2003-1559
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. • http://securityreason.com/securityalert/3989 http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html http://www.securityfocus.com/archive/1/348360 http://www.securityfocus.com/archive/1/348574 http://www.securityfocus.com/bid/9295 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 94%CPEs: 9EXPL: 2CVE-2003-0809 – Microsoft Internet Explorer 5 - XML Page Object Type Validation (MS03-040)
https://notcve.org/view.php?id=CVE-2003-0809
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page. Internet Explorer 5.01 a 6.0 no maneja adecuadamente etiquetas "object" devueltas por un servidor Web durante un una asociación de datos XML, lo que permite a atacantes remotos ejecutar código arbitrario mediante un correo electrónico HTML o una página web. • https://www.exploit-db.com/exploits/23122 http://www.osvdb.org/7887 http://www.securityfocus.com/bid/8565 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040 https://exchange.xforce.ibmcloud.com/vulnerabilities/13300 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123 •
CVSS: 7.5EPSS: 95%CPEs: 9EXPL: 1CVE-2003-0838 – Microsoft Internet Explorer 5/6 - Browser Popup Window Object Type Validation
https://notcve.org/view.php?id=CVE-2003-0838
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe). Internet Explorer permite a atacantes remotos saltarse restricciones de zona para inyectar y ejecutar programas arbitrarios creando una ventana emergente e insertando un objeto ActiveX con una etiqueta "data" apuntando al código maliciosos, que Internet Explorer trata como HTML o JavaScript, pero luego ejecuta como una aplicación .HTA; una vulnerabilidad diferente de CAN-2003-0532, y explotada por el virus QHosts. • https://www.exploit-db.com/exploits/23114 http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html http://marc.info/?l=bugtraq&m=106304733121753&w=2 http://marc.info/?l=bugtraq&m=106304876523459&w=2 http://marc.info/?l=ntbugtraq&m=106302799428500&w=2 http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0310&L=ntbugtraq&F=P&S=&P=2169 http://www.osvdb.org/7872 http: •