CVSS: 10.0EPSS: 87%CPEs: 28EXPL: 1CVE-2004-1050 – Microsoft Internet Explorer 6 - IFRAME Tag Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1050
18 Nov 2004 — Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability." • https://www.exploit-db.com/exploits/612 •
CVSS: 9.1EPSS: 86%CPEs: 3EXPL: 1CVE-2004-1331
https://notcve.org/view.php?id=CVE-2004-1331
16 Nov 2004 — The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command. • http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html •
CVSS: 10.0EPSS: 26%CPEs: 22EXPL: 0CVE-2004-0978
https://notcve.org/view.php?id=CVE-2004-0978
21 Oct 2004 — Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. • http://marc.info/?l=bugtraq&m=110616221411579&w=2 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 17%CPEs: 15EXPL: 0CVE-2004-0979
https://notcve.org/view.php?id=CVE-2004-0979
21 Oct 2004 — Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration. • http://www.kb.cert.org/vuls/id/630720 •
CVSS: 10.0EPSS: 96%CPEs: 5EXPL: 1CVE-2004-0214 – Microsoft Windows XP/2000/NT 4.0 - Shell Long Share Name Buffer Overrun
https://notcve.org/view.php?id=CVE-2004-0214
16 Oct 2004 — Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. Desbordamiento de búfer en Microsoft Internet Explorer y Explorador de Windows XP SP1, 2000, 98 y Me puede permitir a usuarios remotos maliciosos causar una denegación de servicio (caída de aplicación) y posiblemente ejec... • https://www.exploit-db.com/exploits/24051 •
CVSS: 8.1EPSS: 1%CPEs: 27EXPL: 0CVE-2004-0867
https://notcve.org/view.php?id=CVE-2004-0867
24 Sep 2004 — Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. Mozilla Firefox 0.9.2 pemite a sitios web establecer cookies para dominios de nivel superior específicos de países, como .ltd.uk, .plc.uk, y .sch.uk, lo que podría permitir a atacantes remotos realizar ataques de fijac... • http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 27EXPL: 0CVE-2004-0866
https://notcve.org/view.php?id=CVE-2004-0866
16 Sep 2004 — Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109536612321898&w=2 •
CVSS: 8.1EPSS: 92%CPEs: 16EXPL: 3CVE-2004-0841 – Microsoft Internet Explorer 5.0.1 - Popup.show Mouse Event Hijacking
https://notcve.org/view.php?id=CVE-2004-0841
14 Sep 2004 — Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." Internet Explorer 6.x permite a atacantes remotos instalar programas de su elección mediante eventos mousedown que llaman al método Popup.show y usan acciones "arrastrar y soltar" en una ventana emergente, también conocida como "HijackClick 3" y la "Vulne... • https://www.exploit-db.com/exploits/24266 •
CVSS: 8.1EPSS: 95%CPEs: 16EXPL: 3CVE-2004-0842 – Microsoft Internet Explorer 5.0.1 - Style Tag Comment Memory Corruption
https://notcve.org/view.php?id=CVE-2004-0842
14 Sep 2004 — Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "