CVE-2001-0246
https://notcve.org/view.php?id=CVE-2001-0246
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027 •
CVE-2001-0149 – Microsoft Windows Script Host 5.1/5.5 - 'GetObject()' File Disclosure
https://notcve.org/view.php?id=CVE-2001-0149
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object. • https://www.exploit-db.com/exploits/20243 http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html http://marc.info/?l=ntbugtraq&m=96999020527583&w=2 http://www.securityfocus.com/bid/1718 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015 https://exchange.xforce.ibmcloud.com/vulnerabilities/5293 •
CVE-2001-0150 – Microsoft Internet Explorer 5.0.1/5.5/6.0 - Telnet Client File Overwrite
https://notcve.org/view.php?id=CVE-2001-0150
Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts. • https://www.exploit-db.com/exploits/20680 http://www.osvdb.org/7816 http://www.securityfocus.com/bid/2463 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015 https://exchange.xforce.ibmcloud.com/vulnerabilities/6230 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2001-0002
https://notcve.org/view.php?id=CVE-2001-0002
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. • http://www.guninski.com/chmtempmain.html http://www.osvdb.org/7823 http://www.securityfocus.com/bid/2456 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015 https://exchange.xforce.ibmcloud.com/vulnerabilities/5567 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920 •
CVE-2001-0154
https://notcve.org/view.php?id=CVE-2001-0154
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly. Funcionalidad HTML en Internet Explorer 5.5 y anteriores, que permite al atacante la ejecución de un archivo adjunto. Se consigue gracias al envío de cabeceras MIME inválidas para el adjunto que le permiten disfrazarse como un tipo de archivo no ejecutable. El correo electrónico vía HTML se representa en páginas web que el explorador es capaz de interpretar. Cuando el correo contiene ficheros adjuntos el Explorador también es capaz de abrir la aplicación asociada a los ficheros binarios adjuntos cuyo tipo (extensión de archivo) está definido en las cabeceras MIME. • http://marc.info/?l=bugtraq&m=98596775905044&w=2 http://securitytracker.com/id?1001197 http://www.cert.org/advisories/CA-2001-06.html http://www.ciac.org/ciac/bulletins/l-066.shtml http://www.osvdb.org/7806 http://www.securityfocus.com/bid/2524 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-020 https://exchange.xforce.ibmcloud.com/vulnerabilities/6306 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A141 •