CVE-2002-0023 – Microsoft Internet Explorer 5/6 - GetObject File Disclosure
https://notcve.org/view.php?id=CVE-2002-0023
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos leer ficheros arbitrarios mediante peticiones malformadas a la función GetObject(), lo que sortea algunas comprobaciones de seguridad de GetObject() • https://www.exploit-db.com/exploits/21195 http://archives.neohapsis.com/archives/bugtraq/2002-01/0000.html http://www.osvdb.org/3030 http://www.securityfocus.com/bid/3767 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://exchange.xforce.ibmcloud.com/vulnerabilities/7758 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A40 https: •
CVE-2002-0025
https://notcve.org/view.php?id=CVE-2002-0025
Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document. Internet Explorer 5.01, 5.5 y 6.0 no maneja apropiadamente la cabecera HTML "Content-Type", lo que permite a atacantes remotos modificar qué aplicación es usada para procesar un documento. • http://online.securityfocus.com/archive/1/255767 http://www.securityfocus.com/bid/4085 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://exchange.xforce.ibmcloud.com/vulnerabilities/8118 •
CVE-2002-0024
https://notcve.org/view.php?id=CVE-2002-0024
File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download. El cuadro de diálogo de descarga de ficheros en Internet Explorer 5.0, 5.5 y 6.0 permite a un atacante usar los campos de cabecera HTML "Content-Type" y "Content-Disposition" para modificar como el nombre del fichero es mostrado, lo que podría engañar a un usuario para que piense que es seguro descargar el fichero. • http://www.securityfocus.com/bid/4087 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 •
CVE-2002-0052
https://notcve.org/view.php?id=CVE-2002-0052
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files. Internet Explorer 6.0 y anteriores no maneja adecuadamente VBScript en ciertas comprobaciones de seguridad de dominios, lo que permite a atacantes remotos leer ficheros arbitrarios. • http://securitytracker.com/id?1003630 http://www.osvdb.org/763 http://www.securityfocus.com/bid/4158 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-009 •
CVE-2002-0077
https://notcve.org/view.php?id=CVE-2002-0077
Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability. Microsoft Internet Explorer 5.01, 5.5 y 6.0 trata objetos invocados en una página HTML con la propiedad 'codebase' como parte de la zona 'Ordenador Local', lo que permite a atacantes remotos invocar ejecutables presentes en el sistema local mediante objetos como el objeto 'popup'. Tambíen conocido como "Invocación de ejecutable local mediante la etiqueta Object". • http://marc.info/?l=bugtraq&m=101103188711920&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-015 •