CVE-2001-0246
https://notcve.org/view.php?id=CVE-2001-0246
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027 •
CVE-2001-0332
https://notcve.org/view.php?id=CVE-2001-0332
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability. • http://marc.info/?l=bugtraq&m=98609031517525&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027 •
CVE-2001-1450
https://notcve.org/view.php?id=CVE-2001-1450
Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./". • http://cert.uni-stuttgart.de/archive/vuln-dev/2001/05/msg00029.html http://www.kb.cert.org/vuls/id/199408 https://exchange.xforce.ibmcloud.com/vulnerabilities/10117 •
CVE-2001-0150 – Microsoft Internet Explorer 5.0.1/5.5/6.0 - Telnet Client File Overwrite
https://notcve.org/view.php?id=CVE-2001-0150
Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts. • https://www.exploit-db.com/exploits/20680 http://www.osvdb.org/7816 http://www.securityfocus.com/bid/2463 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015 https://exchange.xforce.ibmcloud.com/vulnerabilities/6230 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2001-0149 – Microsoft Windows Script Host 5.1/5.5 - 'GetObject()' File Disclosure
https://notcve.org/view.php?id=CVE-2001-0149
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object. • https://www.exploit-db.com/exploits/20243 http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html http://marc.info/?l=ntbugtraq&m=96999020527583&w=2 http://www.securityfocus.com/bid/1718 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015 https://exchange.xforce.ibmcloud.com/vulnerabilities/5293 •