CVSS: 5.0EPSS: 2%CPEs: 7EXPL: 2CVE-2002-0461 – Microsoft Internet Explorer 5/6 / Mozilla 0.8/0.9.x / Opera 5/6 - JavaScript Interpreter Denial of Service
https://notcve.org/view.php?id=CVE-2002-0461
Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop. • https://www.exploit-db.com/exploits/21346 http://online.securityfocus.com/archive/1/262994 http://www.iss.net/security_center/static/8488.php http://www.securityfocus.com/bid/4322 •
CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 1CVE-2002-0500
https://notcve.org/view.php?id=CVE-2002-0500
Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size. • http://archives.neohapsis.com/archives/bugtraq/2002-03/0331.html http://www.iss.net/security_center/static/8658.php http://www.securityfocus.com/bid/4371 •
CVSS: 5.0EPSS: 9%CPEs: 7EXPL: 1CVE-2002-0191 – Microsoft Internet Explorer 5 - Cascading Style Sheet File Disclosure (MS02-023)
https://notcve.org/view.php?id=CVE-2002-0191
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability. Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ver ficheros arbitrarios que contienen el carácter "{" (llave) mediante una secuencia de comandos que contenga la propiedad cssText del objeto hoja de estilos. También conocida como vulnerabilidad de "desvelo de información local mediante objeto HTML". • https://www.exploit-db.com/exploits/21361 http://marc.info/?l=bugtraq&m=101778302030981&w=2 http://www.iss.net/security_center/static/8740.php http://www.securityfocus.com/bid/4411 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023 •
CVSS: 7.5EPSS: 6%CPEs: 4EXPL: 1CVE-2002-0193 – Microsoft Internet Explorer 5.0.1/6.0 - Content-Disposition Handling File Execution
https://notcve.org/view.php?id=CVE-2002-0193
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability. (repetida de CAN-2002-0193) • https://www.exploit-db.com/exploits/21452 http://www.securityfocus.com/bid/4752 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/9085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A27 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A99 •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2002-0188
https://notcve.org/view.php?id=CVE-2002-0188
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability. Microsoft Internet Explorer 5.01 y 6.0 permite a atacantes remotos ejecutar código arbitrario mediante los campos de cabecera Content-Type y Content-Disposition malformados; lo que hace que la aplicación que debería manejar el fichero falso lo devuelva al sistema operativo en vez levantar un mensaje de error. Tambíen conocida como segunda variante de la vulnerabilidad de "Disposición de contenidos". • http://archives.neohapsis.com/archives/bugtraq/2002-05/0126.html http://www.iss.net/security_center/static/9086.php http://www.lac.co.jp/security/english/snsadv_e/48_e.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023 •