CVSS: 7.5EPSS: 92%CPEs: 4EXPL: 2CVE-2002-1217 – Microsoft Internet Explorer 5/6 - Unauthorized Document Object Model Access
https://notcve.org/view.php?id=CVE-2002-1217
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions. Vulnerabilidad de scripts en marcos cruzados en el control WebBrowser usado en Internet Explorer 5.5 y 6.0 permite a atacantes remotos ejecutar código arbitrario, leer ficheros arbitrarios, y llevar a cabo otras actividades no autorizadas mediante código que accede a la propiedad Document, lo que evita las restricciones de dominio de frame e iframe • https://www.exploit-db.com/exploits/21940 http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0024.html http://marc.info/?l=bugtraq&m=103470310417576&w=2 http://marc.info/?l=ntbugtraq&m=103470202010570&w=2 http://security.greymagic.com/adv/gm011-ie http://www.ciac.org/ciac/bulletins/n-018.shtml http://www.iss.net/security_center/static/10371.php http://www.securityfocus.com/bid/5963 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-06 •
CVSS: 5.0EPSS: 21%CPEs: 7EXPL: 1CVE-2002-0648 – Microsoft Internet Explorer 5/6 - XML Redirect File Disclosure
https://notcve.org/view.php?id=CVE-2002-0648
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file. La capacidad de isla de datos <script> (legacy - legado - para compatibilidad con anteriores versiones) en XML en Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos leer ficheros XML de su elección, y parte de otros ficheros, mediante una URL cuyo atributo "src" redirige a un fichero local. • https://www.exploit-db.com/exploits/21749 http://marc.info/?l=bugtraq&m=103011639524314&w=2 http://www.iss.net/security_center/static/9936.php http://www.securityfocus.com/bid/5560 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1026 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1148 https://oval.cisecurity.org/repository/search/ •
CVSS: 7.5EPSS: 6%CPEs: 7EXPL: 0CVE-2002-0722
https://notcve.org/view.php?id=CVE-2002-0722
Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing." • http://marc.info/?l=bugtraq&m=103054692223380&w=2 http://www.iss.net/security_center/static/9937.php http://www.osvdb.org/5129 http://www.securityfocus.com/bid/5559 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047 •
CVSS: 7.5EPSS: 11%CPEs: 7EXPL: 1CVE-2002-0647 – Microsoft Internet Explorer 5/6 Legacy Text Formatting - ActiveX Component Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0647
Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control". Desbordamiento de búfer en el control ActiveX antiguo usado para mostrar texto especialmente formateado en Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar código arbitrario. También conocida como "Desbordamiento de búfer en control ActiveX antiguo de formato de texto" (Buffer Overrun in Legacy Text Formatting ActiveX Control • https://www.exploit-db.com/exploits/21748 http://www.iss.net/security_center/static/9935.php http://www.securityfocus.com/bid/5558 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047 •
CVSS: 7.5EPSS: 27%CPEs: 4EXPL: 1CVE-2002-0723 – Microsoft Internet Explorer 5/6 - OBJECT Tag Same Origin Policy Violation
https://notcve.org/view.php?id=CVE-2002-0723
Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag." • https://www.exploit-db.com/exploits/21606 http://www.iss.net/security_center/static/9537.php http://www.securityfocus.com/bid/5196 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047 •