CVSS: 7.8EPSS: 20%CPEs: 4EXPL: 0CVE-2005-2829
https://notcve.org/view.php?id=CVE-2005-2829
14 Dec 2005 — Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability." Múltiples errores de diseño en Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes con la interven... • http://marc.info/?l=full-disclosure&m=113450519906463&w=2 •
CVSS: 5.9EPSS: 56%CPEs: 4EXPL: 0CVE-2005-2830
https://notcve.org/view.php?id=CVE-2005-2830
14 Dec 2005 — Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." Microsoft Interntet Explorer 5.01, 5.5 y 6, cuando usan un servidor proxy HTTPS que requiere autenticación básica, envía la URL en texto claro, lo que permite a atacantes remotos obtener información sensible, tcc "Vulnerabilidad proxy HTTPS" • http://secunia.com/advisories/15368 •
CVSS: 8.8EPSS: 65%CPEs: 11EXPL: 0CVE-2005-2831
https://notcve.org/view.php?id=CVE-2005-2831
14 Dec 2005 — Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes remotos causar una denegación de servicio... • http://secunia.com/advisories/15368 •
CVSS: 7.5EPSS: 43%CPEs: 3EXPL: 2CVE-2005-4089
https://notcve.org/view.php?id=CVE-2005-4089
08 Dec 2005 — Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability." • http://secunia.com/advisories/17564 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 27%CPEs: 1EXPL: 2CVE-2005-3312
https://notcve.org/view.php?id=CVE-2005-3312
26 Oct 2005 — The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type. • http://marc.info/?l=bugtraq&m=113017003617987&w=2 •
CVSS: 8.8EPSS: 83%CPEs: 3EXPL: 2CVE-2005-1988 – Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-1988
10 Aug 2005 — Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability". • https://www.exploit-db.com/exploits/25991 •
CVSS: 7.5EPSS: 62%CPEs: 3EXPL: 1CVE-2005-1989 – Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote (MS05-038)
https://notcve.org/view.php?id=CVE-2005-1989
10 Aug 2005 — Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability". • https://www.exploit-db.com/exploits/1144 •
CVSS: 7.8EPSS: 82%CPEs: 3EXPL: 1CVE-2005-1990 – Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote (MS05-038)
https://notcve.org/view.php?id=CVE-2005-1990
10 Aug 2005 — Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcat... • https://www.exploit-db.com/exploits/1144 •
CVSS: 6.5EPSS: 13%CPEs: 2EXPL: 1CVE-2005-2304
https://notcve.org/view.php?id=CVE-2005-2304
19 Jul 2005 — Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count. Microsoft MSN Messenger 9.0 e Internet Explorer 6.0 permiten que atacantes remotos causen una denegación de servicio (caída) mediante una imagen con un ICC Profile con un Tag Count grande. • http://www.securityfocus.com/archive/1/405377 •
CVSS: 4.3EPSS: 27%CPEs: 1EXPL: 2CVE-2005-2274
https://notcve.org/view.php?id=CVE-2005-2274
13 Jul 2005 — Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." • http://secunia.com/advisories/15491 •