CVSS: 8.8EPSS: 9%CPEs: 3EXPL: 2CVE-2003-0447 – Microsoft Internet Explorer 5 - Custom HTTP Error HTML Injection
https://notcve.org/view.php?id=CVE-2003-0447
20 Jun 2003 — The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated. La característica de errores HTTP personalizados en Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar script en la Zona Local mediante un argumento a shdocvw.dll que causa que se genere un enlace "javascript:" • https://www.exploit-db.com/exploits/22784 •
CVSS: 6.1EPSS: 5%CPEs: 2EXPL: 2CVE-2003-0446 – Microsoft Internet Explorer 5/6 - MSXML XML File Parsing Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0446
20 Jun 2003 — Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Internet Explorer 5.5 y 6.0, probablemente en un componente que también es utilizado por otros productos de Microsoft, permite a atacantes remotos la inse... • https://www.exploit-db.com/exploits/22783 •
CVSS: 8.8EPSS: 95%CPEs: 4EXPL: 3CVE-2003-0344 – Microsoft Internet Explorer - Object Tag (MS03-020)
https://notcve.org/view.php?id=CVE-2003-0344
06 Jun 2003 — Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page. Desbordamiento de búfer en Microsoft Internet Explorer 5.01, 5.5, y 6.0 permite que atacantes remotos ejecuten código arbitrario mediante un caracter "/" (barra inclinada) en la propiedad Type de un tag Object en una página web. • https://www.exploit-db.com/exploits/37 •
CVSS: 7.5EPSS: 9%CPEs: 3EXPL: 0CVE-2002-1564
https://notcve.org/view.php?id=CVE-2002-1564
30 May 2003 — Internet Explorer 5.5 and 6.0 allows remote attackers to steal potentially sensitive information from cookies via a cookie that contains script which is executed when a page is loaded, aka the "Script within Cookies Reading Cookies" vulnerability. Internet Explorer 5.5 y 6.0 permiten que atacantes remotos roben información (potencialmente confidencial) mediante cookies que contienen script que se ejecuta cuando se carga una página (también conocida como vulnerabilidad de "Script dentro de cookies que lee ot... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023 •
CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 1CVE-2003-0309 – Microsoft Internet Explorer 5/6 - 'file://' Request Zone Bypass
https://notcve.org/view.php?id=CVE-2003-0309
17 May 2003 — Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability." Internet Explorer 6.0.2800 permite que atacantes remotos se salte... • https://www.exploit-db.com/exploits/22575 •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0115
https://notcve.org/view.php?id=CVE-2003-0115
02 May 2003 — Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233. Microsoft Internet Explorer 5.01, 5.5 y 6.0 no verifica adecuadamente parámetros que son pasados mientras dibujan componentes de terceros, lo que podría permitir a atacantes remotos ejecutar script web arbitrario, tam... • http://www.iss.net/security_center/static/11848.php •
CVSS: 9.8EPSS: 3%CPEs: 9EXPL: 0CVE-2003-0233
https://notcve.org/view.php?id=CVE-2003-0233
02 May 2003 — Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115. Desbordamiento de búfer basado en el montículo (heap) en plugin.ocx de Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar código arbitrari mediante el método Load(), una vulnerabilidad distinta de CAN-2003-0115. • http://marc.info/?l=bugtraq&m=105120164927952&w=2 •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2003-0114
https://notcve.org/view.php?id=CVE-2003-0114
26 Apr 2003 — The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files. El control de carga (upload) de ficheros en Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos cargar ficheros automáticamente del sistema de ficheros local mediante una página web conteniendo un script para cargar los ficheros. • http://marc.info/?l=bugtraq&m=104429340817718&w=2 •
CVSS: 9.8EPSS: 9%CPEs: 9EXPL: 1CVE-2003-0113 – Microsoft Internet Explorer 5 - Remote 'URLMON.dll' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0113
26 Apr 2003 — Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields. Desbordamiento de búfer en URLMON.DLL en Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar código arbitrario mediante una respuesta HTTP conteniendo valores largos en ciertos campos de cabecera. • https://www.exploit-db.com/exploits/22530 •
CVSS: 5.3EPSS: 2%CPEs: 9EXPL: 1CVE-2003-0116
https://notcve.org/view.php?id=CVE-2003-0116
26 Apr 2003 — Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution." Microsoft Internet Explorer 5.01, 5.5 y 6.0 no comprueba adecuadamente el parámetro de entrada de hoja de estilo en cascada (CSS) en diálogos modales, lo que permite a atacantes remotos lee... • http://www.kb.cert.org/vuls/id/244729 •