CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 1CVE-2004-0727 – Microsoft Internet Explorer 5.0.1 - JavaScript Method Assignment Cross-Domain Scripting
https://notcve.org/view.php?id=CVE-2004-0727
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." Microsoft Internet Explorer 6.0.2800.1106 sobre Windows XP SP2 permite a servidores web remotos saltarse restricciones de zona y ejecutar código de su elección en la zona del PC local redirigiendo una función a otra función con el mismo nombre, como se ha demostrado por SimilarMethodNameRedir • https://www.exploit-db.com/exploits/24265 http://freehost07.websamba.com/greyhats/similarmethodnameredir.htm http://marc.info/?l=bugtraq&m=108966512815373&w=2 http://secunia.com/advisories/12048 http://www.kb.cert.org/vuls/id/207264 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/16681 https://oval.cisecurity.org/repository/search/definition/oval%3 •
CVSS: 10.0EPSS: 96%CPEs: 3EXPL: 2CVE-2004-0420
https://notcve.org/view.php?id=CVE-2004-0420
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP. Internet Explorer 6.0.2800.1106 sobre Windows XP y posiblemente otras versiones, permite a atacantes remotos suplantar el tipo de un de un fichero mediante un especificador CLSID en el nombre del fichero. • http://secunia.com/advisories/10736 http://www.kb.cert.org/vuls/id/106324 http://www.security-express.com/archives/bugtraq/2004-01/0300.html http://www.securityfocus.com/archive/1/351379 http://www.securityfocus.com/bid/9510 http://www.us-cert.gov/cas/techalerts/TA04-196A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-024 https://exchange.xforce.ibmcloud.com/vulnerabilities/14964 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2002-2125
https://notcve.org/view.php?id=CVE-2002-2125
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack. • http://www.iss.net/security_center/static/10180.php http://www.securityfocus.com/archive/1/292842 http://www.securityfocus.com/bid/5778 •