CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2003-0309 – Microsoft Internet Explorer 5/6 - 'file://' Request Zone Bypass
https://notcve.org/view.php?id=CVE-2003-0309
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability." Internet Explorer 6.0.2800 permite que atacantes remotos se salten las restricciones de la zona de seguridad y ejecuten código arbitrario mediante un documento web con un elevado número de file:// u otras peticiones que apunten al programa, lo que ocasionalmente provoca que el Internet Explorer ejecute el programa, como se ha demostrado usando un elevado número de tags FRAME o IFRAME. • https://www.exploit-db.com/exploits/22575 http://marc.info/?l=bugtraq&m=105249399103214&w=2 http://marc.info/?l=bugtraq&m=105294081325040&w=2 http://marc.info/?l=ntbugtraq&m=105294162726096&w=2 http://secunia.com/advisories/8807 http://www.kb.cert.org/vuls/id/251788 http://www.securityfocus.com/bid/7539 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020 https://exchange.xforce.ibmcloud.com/vulnerabilities/12019 https://oval.cisecurity. •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2002-2125
https://notcve.org/view.php?id=CVE-2002-2125
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack. • http://www.iss.net/security_center/static/10180.php http://www.securityfocus.com/archive/1/292842 http://www.securityfocus.com/bid/5778 •