CVSS: 2.1EPSS: 0%CPEs: 13EXPL: 0CVE-2001-1497
https://notcve.org/view.php?id=CVE-2001-1497
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack. • http://www.iss.net/security_center/static/7592.php http://www.securityfocus.com/archive/1/241323 http://www.securityfocus.com/archive/1/241400 http://www.securityfocus.com/bid/3563 •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 1CVE-2001-0807
https://notcve.org/view.php?id=CVE-2001-0807
Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file. • http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=189341 https://exchange.xforce.ibmcloud.com/vulnerabilities/6688 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0667
https://notcve.org/view.php?id=CVE-2001-0667
Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150. • http://www.ciac.org/ciac/bulletins/m-024.shtml http://www.kb.cert.org/vuls/id/952611 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051 https://exchange.xforce.ibmcloud.com/vulnerabilities/7260 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 1CVE-2001-0664 – Microsoft Internet Explorer 5 - Zone Spoofing (MS01-055)
https://notcve.org/view.php?id=CVE-2001-0664
Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability." • https://www.exploit-db.com/exploits/21118 http://marc.info/?l=bugtraq&m=100281551611595&w=2 http://morph3us.org/blog/?p=31 http://www.osvdb.org/1971 http://www.securityfocus.com/bid/3420 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051 https://exchange.xforce.ibmcloud.com/vulnerabilities/7258 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2001-0712
https://notcve.org/view.php?id=CVE-2001-0712
The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc. • http://www.securityfocus.com/archive/1/200109 http://www.securityfocus.com/archive/1/200291 http://www.securityfocus.com/bid/3116 •