CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0101
https://notcve.org/view.php?id=CVE-2002-0101
Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released. Microsoft Internet Explorer 6.0 y anteriores permiten a usuarios locales causar una negación de servicio vía bucle infinito para cuadros de diálogo sin modo (showModelessDialog), que causaran que el uso de CPU no se libere mientras el foco para el diálogo no es liberado. • http://marc.info/?l=bugtraq&m=101039104608083&w=2 http://www.iss.net/security_center/static/7826.php http://www.securityfocus.com/bid/3789 •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 2CVE-2002-0023 – Microsoft Internet Explorer 5/6 - GetObject File Disclosure
https://notcve.org/view.php?id=CVE-2002-0023
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos leer ficheros arbitrarios mediante peticiones malformadas a la función GetObject(), lo que sortea algunas comprobaciones de seguridad de GetObject() • https://www.exploit-db.com/exploits/21195 http://archives.neohapsis.com/archives/bugtraq/2002-01/0000.html http://www.osvdb.org/3030 http://www.securityfocus.com/bid/3767 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://exchange.xforce.ibmcloud.com/vulnerabilities/7758 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A40 https:&#x •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2002-0026
https://notcve.org/view.php?id=CVE-2002-0026
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made. Internet Explorer 5.5 y 6.0 permite a atacantes remotos sortear las restricciones para ejecutar scripts mediante un objeto que procesa eventos asíncronos despues de que las comprobaciones de seguridad iniciales han sido hechas. • http://www.securityfocus.com/bid/4082 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A23 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A32 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2002-0024
https://notcve.org/view.php?id=CVE-2002-0024
File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download. El cuadro de diálogo de descarga de ficheros en Internet Explorer 5.0, 5.5 y 6.0 permite a un atacante usar los campos de cabecera HTML "Content-Type" y "Content-Disposition" para modificar como el nombre del fichero es mostrado, lo que podría engañar a un usuario para que piense que es seguro descargar el fichero. • http://www.securityfocus.com/bid/4087 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2002-0027
https://notcve.org/view.php?id=CVE-2002-0027
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874. Internet Explorer 5.5 y 6.0 permite a atacantes remotos leer ciertos ficheros y falsificar la URL en la barra de direcciones usando la función document.open() para pasar información entre dos marcos de distintos dominios. Es una nueva variante de la vulnerabilidad "Verificación de dominio de marco", descrita en Microsoft Security Bulletin MS01-058 / CAN-2001-0847. • http://www.osvdb.org/3031 http://www.securityfocus.com/archive/1/246522 http://www.securityfocus.com/bid/3721 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A974 •