CVE-2002-0101
https://notcve.org/view.php?id=CVE-2002-0101
Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released. Microsoft Internet Explorer 6.0 y anteriores permiten a usuarios locales causar una negación de servicio vía bucle infinito para cuadros de diálogo sin modo (showModelessDialog), que causaran que el uso de CPU no se libere mientras el foco para el diálogo no es liberado. • http://marc.info/?l=bugtraq&m=101039104608083&w=2 http://www.iss.net/security_center/static/7826.php http://www.securityfocus.com/bid/3789 •
CVE-2002-0023 – Microsoft Internet Explorer 5/6 - GetObject File Disclosure
https://notcve.org/view.php?id=CVE-2002-0023
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos leer ficheros arbitrarios mediante peticiones malformadas a la función GetObject(), lo que sortea algunas comprobaciones de seguridad de GetObject() • https://www.exploit-db.com/exploits/21195 http://archives.neohapsis.com/archives/bugtraq/2002-01/0000.html http://www.osvdb.org/3030 http://www.securityfocus.com/bid/3767 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://exchange.xforce.ibmcloud.com/vulnerabilities/7758 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A40 https: •
CVE-2002-0026
https://notcve.org/view.php?id=CVE-2002-0026
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made. Internet Explorer 5.5 y 6.0 permite a atacantes remotos sortear las restricciones para ejecutar scripts mediante un objeto que procesa eventos asíncronos despues de que las comprobaciones de seguridad iniciales han sido hechas. • http://www.securityfocus.com/bid/4082 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A23 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A32 •
CVE-2002-0025
https://notcve.org/view.php?id=CVE-2002-0025
Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document. Internet Explorer 5.01, 5.5 y 6.0 no maneja apropiadamente la cabecera HTML "Content-Type", lo que permite a atacantes remotos modificar qué aplicación es usada para procesar un documento. • http://online.securityfocus.com/archive/1/255767 http://www.securityfocus.com/bid/4085 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://exchange.xforce.ibmcloud.com/vulnerabilities/8118 •
CVE-2002-0024
https://notcve.org/view.php?id=CVE-2002-0024
File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download. El cuadro de diálogo de descarga de ficheros en Internet Explorer 5.0, 5.5 y 6.0 permite a un atacante usar los campos de cabecera HTML "Content-Type" y "Content-Disposition" para modificar como el nombre del fichero es mostrado, lo que podría engañar a un usuario para que piense que es seguro descargar el fichero. • http://www.securityfocus.com/bid/4087 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 •