CVE-2003-1105
https://notcve.org/view.php?id=CVE-2003-1105
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered. • http://www.kb.cert.org/vuls/id/813208 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 https://exchange.xforce.ibmcloud.com/vulnerabilities/13029 •
CVE-2003-0809 – Microsoft Internet Explorer 5 - XML Page Object Type Validation (MS03-040)
https://notcve.org/view.php?id=CVE-2003-0809
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page. Internet Explorer 5.01 a 6.0 no maneja adecuadamente etiquetas "object" devueltas por un servidor Web durante un una asociación de datos XML, lo que permite a atacantes remotos ejecutar código arbitrario mediante un correo electrónico HTML o una página web. • https://www.exploit-db.com/exploits/23122 http://www.osvdb.org/7887 http://www.securityfocus.com/bid/8565 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040 https://exchange.xforce.ibmcloud.com/vulnerabilities/13300 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123 •
CVE-2003-0838 – Microsoft Internet Explorer 5/6 - Browser Popup Window Object Type Validation
https://notcve.org/view.php?id=CVE-2003-0838
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe). Internet Explorer permite a atacantes remotos saltarse restricciones de zona para inyectar y ejecutar programas arbitrarios creando una ventana emergente e insertando un objeto ActiveX con una etiqueta "data" apuntando al código maliciosos, que Internet Explorer trata como HTML o JavaScript, pero luego ejecuta como una aplicación .HTA; una vulnerabilidad diferente de CAN-2003-0532, y explotada por el virus QHosts. • https://www.exploit-db.com/exploits/23114 http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html http://marc.info/?l=bugtraq&m=106304733121753&w=2 http://marc.info/?l=bugtraq&m=106304876523459&w=2 http://marc.info/?l=ntbugtraq&m=106302799428500&w=2 http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0310&L=ntbugtraq&F=P&S=&P=2169 http://www.osvdb.org/7872 http: •
CVE-2003-0531
https://notcve.org/view.php?id=CVE-2003-0531
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability. Internet Explorer 5.01 SP3 a 6.0 SP1 permite a atacantes remotos acceder a y ejecutar script en el dominio "Mi PC" usando la caché del navegador; también llamada vulnerabilidad "Ejecución de scritp en el navegador en la zona Mi PC". • http://secunia.com/advisories/9580 http://www.cert.org/advisories/CA-2003-22.html http://www.kb.cert.org/vuls/id/205148 http://www.lac.co.jp/security/english/snsadv_e/67_e.html http://www.securityfocus.com/bid/8457 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 https://exchange.xforce.ibmcloud.com/vulnerabilities/12961 •
CVE-2003-0701 – Microsoft Internet Explorer - Object Data Remote (MS03-032)
https://notcve.org/view.php?id=CVE-2003-0701
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344. Desbordamiento de búfer en Internet Explorer 6 SP1 para ciertos lenguajes que usan codificación en dos bytes (como el Japonés) permite a atacantes remotos ejecutar código arbitrario mediante la propiedad TYPE de una etiqueta OBJECT, una variante de CAN-2003-0344. • https://www.exploit-db.com/exploits/83 http://marc.info/?l=bugtraq&m=106148101210479&w=2 http://www.kb.cert.org/vuls/id/334928 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 https://exchange.xforce.ibmcloud.com/vulnerabilities/12970 •