CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 0CVE-2002-0025
https://notcve.org/view.php?id=CVE-2002-0025
Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document. Internet Explorer 5.01, 5.5 y 6.0 no maneja apropiadamente la cabecera HTML "Content-Type", lo que permite a atacantes remotos modificar qué aplicación es usada para procesar un documento. • http://online.securityfocus.com/archive/1/255767 http://www.securityfocus.com/bid/4085 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://exchange.xforce.ibmcloud.com/vulnerabilities/8118 •
CVSS: 5.0EPSS: 14%CPEs: 7EXPL: 0CVE-2002-0052
https://notcve.org/view.php?id=CVE-2002-0052
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files. Internet Explorer 6.0 y anteriores no maneja adecuadamente VBScript en ciertas comprobaciones de seguridad de dominios, lo que permite a atacantes remotos leer ficheros arbitrarios. • http://securitytracker.com/id?1003630 http://www.osvdb.org/763 http://www.securityfocus.com/bid/4158 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-009 •
CVSS: 7.5EPSS: 9%CPEs: 2EXPL: 0CVE-2002-0022
https://notcve.org/view.php?id=CVE-2002-0022
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated. Desbordamiento de buffer en la implementación de una directiva HTML en mshml.dll en Internet Explorer 5.5 y 6.0 permite ejecutar código arbitrario mediante una página web que especifica controles ActiveX en una forma que causa que 2 cadenas Unicode sean concatenadas. • http://marc.info/?l=bugtraq&m=101362984930597&w=2 http://online.securityfocus.com/archive/1/258614 http://www.cert.org/advisories/CA-2002-04.html http://www.iss.net/security_center/static/8116.php http://www.securityfocus.com/bid/4080 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A925 •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2002-0077
https://notcve.org/view.php?id=CVE-2002-0077
Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability. Microsoft Internet Explorer 5.01, 5.5 y 6.0 trata objetos invocados en una página HTML con la propiedad 'codebase' como parte de la zona 'Ordenador Local', lo que permite a atacantes remotos invocar ejecutables presentes en el sistema local mediante objetos como el objeto 'popup'. Tambíen conocido como "Invocación de ejecutable local mediante la etiqueta Object". • http://marc.info/?l=bugtraq&m=101103188711920&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-015 •
CVSS: 2.1EPSS: 0%CPEs: 13EXPL: 0CVE-2001-1497
https://notcve.org/view.php?id=CVE-2001-1497
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack. • http://www.iss.net/security_center/static/7592.php http://www.securityfocus.com/archive/1/241323 http://www.securityfocus.com/archive/1/241400 http://www.securityfocus.com/bid/3563 •