CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 3CVE-2001-0643 – Microsoft Internet Explorer 5.5 - CLSID File Execution
https://notcve.org/view.php?id=CVE-2001-0643
Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type. • https://www.exploit-db.com/exploits/20774 http://vil.nai.com/vil/virusSummary.asp?virus_k=99048 http://www.guninski.com/clsidext.html http://www.osvdb.org/7858 http://www.sarc.com/avcenter/venc/data/vbs.postcard%40mm.html http://www.securityfocus.com/archive/1/176909 http://www.securityfocus.com/bid/2612 https://exchange.xforce.ibmcloud.com/vulnerabilities/6426 •
CVSS: 7.5EPSS: 86%CPEs: 1EXPL: 0CVE-2001-0339
https://notcve.org/view.php?id=CVE-2001-0339
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability." • http://www.ciac.org/ciac/bulletins/l-087.shtml http://www.osvdb.org/5694 http://www.securityfocus.com/bid/2737 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/6556 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1096 •
CVSS: 5.1EPSS: 1%CPEs: 2EXPL: 0CVE-2001-0338
https://notcve.org/view.php?id=CVE-2001-0338
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability." • http://www.ciac.org/ciac/bulletins/l-087.shtml http://www.securityfocus.com/bid/2735 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/6555 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2001-0246
https://notcve.org/view.php?id=CVE-2001-0246
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2001-0332
https://notcve.org/view.php?id=CVE-2001-0332
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability. • http://marc.info/?l=bugtraq&m=98609031517525&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027 •