CVSS: 4.3EPSS: 67%CPEs: 1EXPL: 4CVE-2003-1025 – Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation
https://notcve.org/view.php?id=CVE-2003-1025
06 Jan 2004 — Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." Internet Explorer 6 y posiblemente otras versiones, permite a atacantes remotos suplantar el dominio de una URL mediante un carácter "%01" antes de un carácter "@" (arroba) en la porción usario@dominio de la URL... • https://www.exploit-db.com/exploits/23422 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 24%CPEs: 1EXPL: 4CVE-2003-1505 – Microsoft Internet Explorer 6 - Scrollbar-Base-Color Partial Denial of Service
https://notcve.org/view.php?id=CVE-2003-1505
31 Dec 2003 — Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved. • https://www.exploit-db.com/exploits/23273 •
CVSS: 7.5EPSS: 39%CPEs: 4EXPL: 0CVE-2003-1559
https://notcve.org/view.php?id=CVE-2003-1559
31 Dec 2003 — Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. • http://securityreason.com/securityalert/3989 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 9%CPEs: 4EXPL: 0CVE-2003-1105
https://notcve.org/view.php?id=CVE-2003-1105
31 Dec 2003 — Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered. • http://www.kb.cert.org/vuls/id/813208 •
CVSS: 8.8EPSS: 45%CPEs: 9EXPL: 2CVE-2003-0809 – Microsoft Internet Explorer 5 - XML Page Object Type Validation (MS03-040)
https://notcve.org/view.php?id=CVE-2003-0809
08 Oct 2003 — Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page. Internet Explorer 5.01 a 6.0 no maneja adecuadamente etiquetas "object" devueltas por un servidor Web durante un una asociación de datos XML, lo que permite a atacantes remotos ejecutar código arbitrario mediante un correo electrónico HTML o una página web. • https://www.exploit-db.com/exploits/23122 •
CVSS: 8.8EPSS: 72%CPEs: 9EXPL: 1CVE-2003-0838 – Microsoft Internet Explorer 5/6 - Browser Popup Window Object Type Validation
https://notcve.org/view.php?id=CVE-2003-0838
07 Oct 2003 — Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe). Internet Explorer permite a atacantes remot... • https://www.exploit-db.com/exploits/23114 •
CVSS: 8.8EPSS: 33%CPEs: 8EXPL: 0CVE-2003-0530
https://notcve.org/view.php?id=CVE-2003-0530
22 Aug 2003 — Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code. Desbordamiento de búfer en el control ActiveX BR549.DLL de Internet Explorer 5.01 SP3 a 6.0 SP1 permite a atacantes remotos ejecutar código arbitrario. • http://secunia.com/advisories/9580 •
CVSS: 8.8EPSS: 29%CPEs: 9EXPL: 0CVE-2003-0531
https://notcve.org/view.php?id=CVE-2003-0531
22 Aug 2003 — Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability. Internet Explorer 5.01 SP3 a 6.0 SP1 permite a atacantes remotos acceder a y ejecutar script en el dominio "Mi PC" usando la caché del navegador; también llamada vulnerabilidad "Ejecución de scritp en el navegador en la zona Mi PC". • http://secunia.com/advisories/9580 •
CVSS: 9.8EPSS: 33%CPEs: 9EXPL: 1CVE-2003-0532
https://notcve.org/view.php?id=CVE-2003-0532
22 Aug 2003 — Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability. Internet Explorer 5.01 SP3 a 6.0 SP1 no determina adecuadamente tipos de objetos devueltos por los servidores web, lo que podría permitir a atacantes remotos ejecutar código arbitr... • http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html •
CVSS: 9.8EPSS: 38%CPEs: 4EXPL: 1CVE-2003-0701 – Microsoft Internet Explorer - Object Data Remote (MS03-032)
https://notcve.org/view.php?id=CVE-2003-0701
22 Aug 2003 — Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344. Desbordamiento de búfer en Internet Explorer 6 SP1 para ciertos lenguajes que usan codificación en dos bytes (como el Japonés) permite a atacantes remotos ejecutar código arbitrario mediante la propiedad TYPE de una etiqueta OBJECT, una variante de CAN-2003-0344. • https://www.exploit-db.com/exploits/83 •