CVSS: 7.5EPSS: 10%CPEs: 10EXPL: 0CVE-2005-3240
https://notcve.org/view.php?id=CVE-2005-3240
31 Dec 2005 — Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. • http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 84%CPEs: 2EXPL: 0CVE-2005-4840
https://notcve.org/view.php?id=CVE-2005-4840
31 Dec 2005 — The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer. • http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 6%CPEs: 8EXPL: 3CVE-2005-4717 – Microsoft Internet Explorer 6 - Malformed HTML Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2005-4717
31 Dec 2005 — Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar. • https://www.exploit-db.com/exploits/26457 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4841
https://notcve.org/view.php?id=CVE-2005-4841
31 Dec 2005 — The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. • http://www.securityfocus.com/archive/1/391803 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4842
https://notcve.org/view.php?id=CVE-2005-4842
31 Dec 2005 — The System Monitor Source Properties control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. • http://www.securityfocus.com/archive/1/391803 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4843
https://notcve.org/view.php?id=CVE-2005-4843
31 Dec 2005 — The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. • http://www.securityfocus.com/archive/1/391803 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4844
https://notcve.org/view.php?id=CVE-2005-4844
31 Dec 2005 — The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. • http://www.securityfocus.com/archive/1/391803 •
CVSS: 8.8EPSS: 96%CPEs: 11EXPL: 0CVE-2005-2831
https://notcve.org/view.php?id=CVE-2005-2831
14 Dec 2005 — Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes remotos causar una denegación de servicio... • http://secunia.com/advisories/15368 •
CVSS: 7.8EPSS: 94%CPEs: 4EXPL: 0CVE-2005-2829
https://notcve.org/view.php?id=CVE-2005-2829
14 Dec 2005 — Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability." Múltiples errores de diseño en Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes con la interven... • http://marc.info/?l=full-disclosure&m=113450519906463&w=2 •
CVSS: 5.9EPSS: 85%CPEs: 4EXPL: 0CVE-2005-2830
https://notcve.org/view.php?id=CVE-2005-2830
14 Dec 2005 — Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." Microsoft Interntet Explorer 5.01, 5.5 y 6, cuando usan un servidor proxy HTTPS que requiere autenticación básica, envía la URL en texto claro, lo que permite a atacantes remotos obtener información sensible, tcc "Vulnerabilidad proxy HTTPS" • http://secunia.com/advisories/15368 •