CVSS: 9.8EPSS: 28%CPEs: 9EXPL: 0CVE-2002-0057
https://notcve.org/view.php?id=CVE-2002-0057
08 Mar 2002 — XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. El control XMLHTTP en Microsoft XML Core Services 2.6 y versiones posteriores no manejan adecuadamente el establecimiento de valores de la Zona de Seguridad del IE, lo cual permite a atacantes remotos la lectura arbitraria de ficheros especificando un fichero local como una fuente de datos XML. • http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html •
CVSS: 7.5EPSS: 8%CPEs: 6EXPL: 0CVE-2002-0077
https://notcve.org/view.php?id=CVE-2002-0077
13 Jan 2002 — Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability. Microsoft Internet Explorer 5.01, 5.5 y 6.0 trata objetos invocados en una página HTML con la propiedad 'codebase' como parte de la zona 'Ordenador Local', lo que permite a ataca... • http://marc.info/?l=bugtraq&m=101103188711920&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2001-1497
https://notcve.org/view.php?id=CVE-2001-1497
31 Dec 2001 — Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack. • http://www.iss.net/security_center/static/7592.php •
CVSS: 6.5EPSS: 5%CPEs: 4EXPL: 0CVE-2001-1219
https://notcve.org/view.php?id=CVE-2001-1219
20 Dec 2001 — Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location. MS Internet Explorer 6.0 y anteriores permite a webmasters maliciosos provocar una denegación de servicio por medio de JavaScript que continuamente refresca la ventana con self.location. • http://www.securityfocus.com/archive/1/246649 •
CVSS: 8.8EPSS: 50%CPEs: 2EXPL: 0CVE-2001-0727
https://notcve.org/view.php?id=CVE-2001-0727
14 Dec 2001 — Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability." Internet Explorer 6.0 permite a atacantes remotos la ejecución de código arbitrario mediante la modificación de los campos de cabecera 'Content-Disposition' y 'Content-Type' de modo que hace creer a Internet Explorer que es ... • http://marc.info/?l=bugtraq&m=100835204509262&w=2 •
CVSS: 5.0EPSS: 31%CPEs: 2EXPL: 0CVE-2001-0874
https://notcve.org/view.php?id=CVE-2001-0874
13 Dec 2001 — Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability. Internet Explorer 5.5 y 6.0 permite a atacantes remotos la lectura de ciertos ficheros vía HTML, pasando información de un marco en el dominio del cliente a otro marco del dominio del sitio web, una variante de la vulnerabilidad "FrameDomain Verification". • http://www.ciac.org/ciac/bulletins/m-027.shtml •
CVSS: 6.4EPSS: 45%CPEs: 2EXPL: 2CVE-2001-0722 – Microsoft Internet Explorer 5/6 - Cookie Disclosure/Modification
https://notcve.org/view.php?id=CVE-2001-0722
06 Dec 2001 — Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability." • https://www.exploit-db.com/exploits/21144 •
CVSS: 7.5EPSS: 22%CPEs: 2EXPL: 3CVE-2001-0875 – Microsoft Internet Explorer 5.5/6.0 - Spoofable File Extensions
https://notcve.org/view.php?id=CVE-2001-0875
26 Nov 2001 — Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download. • https://www.exploit-db.com/exploits/21164 •
CVSS: 7.1EPSS: 3%CPEs: 1EXPL: 0CVE-2001-0919
https://notcve.org/view.php?id=CVE-2001-0919
26 Nov 2001 — Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript. • http://marc.info/?l=bugtraq&m=100679857614967&w=2 •
CVSS: 6.5EPSS: 9%CPEs: 1EXPL: 1CVE-2001-0807
https://notcve.org/view.php?id=CVE-2001-0807
22 Nov 2001 — Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file. • http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=189341 •