CVSS: 7.5EPSS: 9%CPEs: 9EXPL: 1CVE-2003-1328 – Microsoft Internet Explorer 5 - ShowHelp Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2003-1328
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality." La función showHelp() en Microsoft Internet Explorer 5.5 y 6.0 soporta ciertos tipos de protocolos enchufables (añadibles) qeu permiten a atacantes remotos evitar el modelo de seguridad de cruce de dominios y ejecutar código arbitrario. También conocida como "Validación de Seguridad entre dominios con funcionalidad showHelp" • https://www.exploit-db.com/exploits/22226 http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html http://www.ciac.org/ciac/bulletins/n-038.shtml http://www.iss.net/security_center/static/11259.php http://www.kb.cert.org/vuls/id/400577 http://www.securityfocus.com/bid/6780 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2003-1326
https://notcve.org/view.php?id=CVE-2003-1326
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box." Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos evitar el modelo de seguridad entre dominios (cros-domain) para correr script malicioso o programas arbitrarios mediante cuadros de díálogo. También conocida como "Validacíon de Seguridad Entre Dominios inapropiada con cuadro de diálogo". • http://www.ciac.org/ciac/bulletins/n-038.shtml http://www.iss.net/security_center/static/11258.php http://www.securityfocus.com/bid/6779 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2002-1824
https://notcve.org/view.php?id=CVE-2002-1824
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability. • http://online.securityfocus.com/archive/1/292842 http://www.iss.net/security_center/static/10180.php http://www.securityfocus.com/bid/5778 •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2002-2125
https://notcve.org/view.php?id=CVE-2002-2125
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack. • http://www.iss.net/security_center/static/10180.php http://www.securityfocus.com/archive/1/292842 http://www.securityfocus.com/bid/5778 •
CVSS: 5.0EPSS: 16%CPEs: 6EXPL: 1CVE-2002-1714 – Microsoft Internet Explorer 5/6 - Self-Referential Object Denial of Service
https://notcve.org/view.php?id=CVE-2002-1714
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion. • https://www.exploit-db.com/exploits/21404 http://online.securityfocus.com/archive/1/268776 http://www.securityfocus.com/bid/4564 https://exchange.xforce.ibmcloud.com/vulnerabilities/8904 •