CVSS: 9.8EPSS: 70%CPEs: 7EXPL: 3CVE-2003-1041 – Microsoft Windows XP/2000 - showHelp '.CHM' File Execution (MS03-004)
https://notcve.org/view.php?id=CVE-2003-1041
20 May 2004 — Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. Internet Explorer 5.x y 6.0 permite a atacantes remotos ejecutar programas arbitrarios mediante una URL conteniendo secuencias ".." (punto punto) en un nombre de fichero terminado en "::" ... • https://www.exploit-db.com/exploits/23504 •
CVSS: 9.3EPSS: 59%CPEs: 10EXPL: 1CVE-2003-1026 – Microsoft Internet Explorer - URL Injection in History List (MS04-004)
https://notcve.org/view.php?id=CVE-2003-1026
08 Jan 2004 — Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." Internet Explorer SP1 permite a atacantes remotos evitar restricciones de zonas mediante una URL de protocolo JavaScript en un sub-marco, que es añadido al historial de p... • https://www.exploit-db.com/exploits/151 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 60%CPEs: 10EXPL: 0CVE-2003-1027
https://notcve.org/view.php?id=CVE-2003-1027
08 Jan 2004 — Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." Internet Explorer 6 SP1 permite a atacantes remotos enviar acciones de arrastrar y soltar y otras acciones con el ratón a otras ven... • http://marc.info/?l=bugtraq&m=106979479719446&w=2 •
CVSS: 7.5EPSS: 14%CPEs: 10EXPL: 0CVE-2003-1028
https://notcve.org/view.php?id=CVE-2003-1028
08 Jan 2004 — The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008. La función de descarga de Internet Explorer 6 SP1 permite a atacantes remotos obtener el nombre de directorio de caché mediante una respuesta HTTP con un ContentType inválido y un fichero .html, lo que podría per... • http://marc.info/?l=bugtraq&m=106979428718705&w=2 •
CVSS: 7.5EPSS: 7%CPEs: 2EXPL: 0CVE-2003-0519
https://notcve.org/view.php?id=CVE-2003-0519
10 Jul 2003 — Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices. Ciertas versiones de Internet Explorer 5 y 7, en ciertos entornos Windows, permite a atacantes remotos causar una denegación de servicio (cuelgue) con una URL a C:\\AUX (nombre de dispositivo MS-DOS) y posiblemente otros dispositivos. • http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006286.html •
CVSS: 5.3EPSS: 33%CPEs: 4EXPL: 1CVE-2002-1671
https://notcve.org/view.php?id=CVE-2002-1671
31 Dec 2002 — Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers to monitor the contents of the clipboard via the getData method of the clipboardData object. • http://online.securityfocus.com/archive/1/250387/2002-10-11/2002-10-17/2 •
CVSS: 6.5EPSS: 23%CPEs: 6EXPL: 1CVE-2002-1714 – Microsoft Internet Explorer 5/6 - Self-Referential Object Denial of Service
https://notcve.org/view.php?id=CVE-2002-1714
31 Dec 2002 — Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion. • https://www.exploit-db.com/exploits/21404 •
CVSS: 5.3EPSS: 33%CPEs: 7EXPL: 4CVE-2002-2031 – Microsoft Internet Explorer 5 - JavaScript Local File Enumeration
https://notcve.org/view.php?id=CVE-2002-2031
31 Dec 2002 — Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results. • https://www.exploit-db.com/exploits/21198 •
CVSS: 9.1EPSS: 22%CPEs: 9EXPL: 1CVE-2002-2311
https://notcve.org/view.php?id=CVE-2002-2311
31 Dec 2002 — Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue. • http://online.securityfocus.com/archive/1/283866 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 26%CPEs: 8EXPL: 1CVE-2002-1187 – Microsoft Internet Explorer 5 - IFrame/Frame Cross-Site/Zone Script Execution
https://notcve.org/view.php?id=CVE-2002-1187
11 Dec 2002 — Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource. • https://www.exploit-db.com/exploits/21777 •