CVE-2002-0691
https://notcve.org/view.php?id=CVE-2002-0691
Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of "Cross-Site Scripting in Local HTML Resource" as identified by CAN-2002-0189. Microsoft Internet Explorer 5.01 y 5.5 permite a atacantes remotos ejecutar secuencias de comandos en la zona del PC local mediante una URL que hace referencia un ficherio de recurso local HTML, una variante de la vulnerabilidad "Secuencias de comandos en sitios cruzados en recurso HTML local (Cross-Site Scripting in Local HTML Resource) • http://www.iss.net/security_center/static/9938.php http://www.securityfocus.com/bid/5561 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047 •
CVE-2002-0647 – Microsoft Internet Explorer 5/6 Legacy Text Formatting - ActiveX Component Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0647
Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control". Desbordamiento de búfer en el control ActiveX antiguo usado para mostrar texto especialmente formateado en Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar código arbitrario. También conocida como "Desbordamiento de búfer en control ActiveX antiguo de formato de texto" (Buffer Overrun in Legacy Text Formatting ActiveX Control • https://www.exploit-db.com/exploits/21748 http://www.iss.net/security_center/static/9935.php http://www.securityfocus.com/bid/5558 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047 •
CVE-2002-0723 – Microsoft Internet Explorer 5/6 - OBJECT Tag Same Origin Policy Violation
https://notcve.org/view.php?id=CVE-2002-0723
Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag." • https://www.exploit-db.com/exploits/21606 http://www.iss.net/security_center/static/9537.php http://www.securityfocus.com/bid/5196 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047 •
CVE-2002-0980 – Microsoft Outlook Express 5/6 - MHTML URL Handler File Rendering
https://notcve.org/view.php?id=CVE-2002-0980
The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL. El componente de Carpetas Web en Internet Explorer 5.5 y 6.0 escribe un mensaje de error en una localización conocida en una carpeta temporal, lo que permite a atacantes remotos ejecutar código arbitrario inyectándolo en el mensaje de error, y refiriendose al mensaje de error mediante una URL mhtml: • https://www.exploit-db.com/exploits/21711 http://marc.info/?l=bugtraq&m=102942234427691&w=2 http://marc.info/?l=ntbugtraq&m=102937705527922&w=2 http://marc.info/?l=vuln-dev&m=102943486811091&w=2 http://www.iss.net/security_center/static/9881.php http://www.securityfocus.com/bid/5473 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-014 •
CVE-2002-0976 – Microsoft Internet Explorer 4/5/6 - XML Datasource Applet File Disclosure
https://notcve.org/view.php?id=CVE-2002-0976
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet. • https://www.exploit-db.com/exploits/21721 http://marc.info/?l=bugtraq&m=102960731805373&w=2 http://www.iss.net/security_center/static/9885.php http://www.securityfocus.com/bid/5490 •