CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 3CVE-2001-0875 – Microsoft Internet Explorer 5.5/6.0 - Spoofable File Extensions
https://notcve.org/view.php?id=CVE-2001-0875
26 Nov 2001 — Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download. • https://www.exploit-db.com/exploits/21164 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2001-0807
https://notcve.org/view.php?id=CVE-2001-0807
22 Nov 2001 — Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file. • http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=189341 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2001-0904
https://notcve.org/view.php?id=CVE-2001-0904
20 Nov 2001 — Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients. • http://marc.info/?l=bugtraq&m=100619268115798&w=2 •
CVSS: 8.2EPSS: 14%CPEs: 2EXPL: 1CVE-2001-0723
https://notcve.org/view.php?id=CVE-2001-0723
14 Nov 2001 — Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability." • http://www.securityfocus.com/bid/3546 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2001-0724
https://notcve.org/view.php?id=CVE-2001-0724
14 Nov 2001 — Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664. • http://www.osvdb.org/5556 •
CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 1CVE-2001-0664 – Microsoft Internet Explorer 5 - Zone Spoofing (MS01-055)
https://notcve.org/view.php?id=CVE-2001-0664
30 Oct 2001 — Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability." • https://www.exploit-db.com/exploits/21118 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0667
https://notcve.org/view.php?id=CVE-2001-0667
30 Oct 2001 — Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150. • http://www.ciac.org/ciac/bulletins/m-024.shtml • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2001-0712
https://notcve.org/view.php?id=CVE-2001-0712
12 Oct 2001 — The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc. • http://www.securityfocus.com/archive/1/200109 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3CVE-2001-0643 – Microsoft Internet Explorer 5.5 - CLSID File Execution
https://notcve.org/view.php?id=CVE-2001-0643
20 Sep 2001 — Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type. • https://www.exploit-db.com/exploits/20774 •
CVSS: 5.9EPSS: 1%CPEs: 2EXPL: 0CVE-2001-0338
https://notcve.org/view.php?id=CVE-2001-0338
27 Jun 2001 — Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability." • http://www.ciac.org/ciac/bulletins/l-087.shtml •