CVSS: 6.5EPSS: 4%CPEs: 32EXPL: 2CVE-2004-0526 – Microsoft Internet Explorer 4/5/6 - Embedded Image URI Obfuscation
https://notcve.org/view.php?id=CVE-2004-0526
08 Jun 2004 — Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. Versiones desconocidas de Internet Explorer y Outlook permiten a atacantes remotos suplantar URL legítimas en la barra de estado mediante etiquetas A HREF con valores "alt" modificados que apuntan al sitio legí... • https://www.exploit-db.com/exploits/24102 •
CVSS: 9.8EPSS: 38%CPEs: 7EXPL: 3CVE-2003-1041 – Microsoft Windows XP/2000 - showHelp '.CHM' File Execution (MS03-004)
https://notcve.org/view.php?id=CVE-2003-1041
20 May 2004 — Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. Internet Explorer 5.x y 6.0 permite a atacantes remotos ejecutar programas arbitrarios mediante una URL conteniendo secuencias ".." (punto punto) en un nombre de fichero terminado en "::" ... • https://www.exploit-db.com/exploits/23504 •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 1CVE-2003-0513
https://notcve.org/view.php?id=CVE-2003-0513
16 Mar 2004 — Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Microsoft Internet Explorer permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicación web mediante secuencias d... • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html •
CVSS: 5.3EPSS: 29%CPEs: 10EXPL: 3CVE-2004-2090 – Microsoft Internet Explorer 5.0.1 - LoadPicture File Enumeration
https://notcve.org/view.php?id=CVE-2004-2090
07 Feb 2004 — Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. • https://www.exploit-db.com/exploits/23668 •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2003-0817
https://notcve.org/view.php?id=CVE-2003-0817
14 Jan 2004 — Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. Internet Explorer 5.01 hasta la 6 SP1 permite que atacantes remotos se salten restricciones de seguirdad y lean ficheros arbitrarios mediante objetos XML. • http://secunia.com/advisories/10192 •
CVSS: 7.5EPSS: 66%CPEs: 9EXPL: 2CVE-2003-0816 – Microsoft Internet Explorer 5 - window.open Search Pane Cross-Zone Scripting
https://notcve.org/view.php?id=CVE-2003-0816
14 Jan 2004 — Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a j... • https://www.exploit-db.com/exploits/23790 •
CVSS: 9.1EPSS: 22%CPEs: 9EXPL: 0CVE-2003-0823
https://notcve.org/view.php?id=CVE-2003-0823
14 Jan 2004 — Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. Internet Explorer 6SP! y anteriores permite que atacantes remotos redirijan los comportamientos de copias/pegar y otras acciones del ratón a otras ventenas, mediante llamada al método window.moveBy. También se la conoce como vulnerabilidad HijackClick • http://marc.info/?l=bugtraq&m=106322197932006&w=2 •
CVSS: 7.5EPSS: 13%CPEs: 9EXPL: 0CVE-2003-0814
https://notcve.org/view.php?id=CVE-2003-0814
14 Jan 2004 — Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. Internet Explorer 6 SP1 y anteriores permiten que atacantes remotos se salten restricciones y ejecuten Javascript fijando el ""href"" al Javascript malicioso y a continuación llamando al comando execCommand(""Re... • http://secunia.com/advisories/10192 •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2003-0815
https://notcve.org/view.php?id=CVE-2003-0815
14 Jan 2004 — Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. Internet Explorer 6 SP1 y anteriores permite que atacantes remotos se salten restricci... • http://marc.info/?l=bugtraq&m=106321757619047&w=2 •
CVSS: 10.0EPSS: 25%CPEs: 10EXPL: 0CVE-2003-1027
https://notcve.org/view.php?id=CVE-2003-1027
08 Jan 2004 — Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." Internet Explorer 6 SP1 permite a atacantes remotos enviar acciones de arrastrar y soltar y otras acciones con el ratón a otras ven... • http://marc.info/?l=bugtraq&m=106979479719446&w=2 •