Page 8 of 66 results (0.002 seconds)

CVSS: 7.5EPSS: 6%CPEs: 4EXPL: 0

Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. • http://www.guninski.com/chmtempmain.html http://www.osvdb.org/7823 http://www.securityfocus.com/bid/2456 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015 https://exchange.xforce.ibmcloud.com/vulnerabilities/5567 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920 •

CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0

HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly. Funcionalidad HTML en Internet Explorer 5.5 y anteriores, que permite al atacante la ejecución de un archivo adjunto. Se consigue gracias al envío de cabeceras MIME inválidas para el adjunto que le permiten disfrazarse como un tipo de archivo no ejecutable. El correo electrónico vía HTML se representa en páginas web que el explorador es capaz de interpretar. Cuando el correo contiene ficheros adjuntos el Explorador también es capaz de abrir la aplicación asociada a los ficheros binarios adjuntos cuyo tipo (extensión de archivo) está definido en las cabeceras MIME. • http://marc.info/?l=bugtraq&m=98596775905044&w=2 http://securitytracker.com/id?1001197 http://www.cert.org/advisories/CA-2001-06.html http://www.ciac.org/ciac/bulletins/l-066.shtml http://www.osvdb.org/7806 http://www.securityfocus.com/bid/2524 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-020 https://exchange.xforce.ibmcloud.com/vulnerabilities/6306 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A141 •

CVSS: 2.6EPSS: 0%CPEs: 4EXPL: 0

The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability. • http://www.osvdb.org/7820 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093 https://exchange.xforce.ibmcloud.com/vulnerabilities/6085 •

CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 1

Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability. • https://www.exploit-db.com/exploits/20459 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093 https://exchange.xforce.ibmcloud.com/vulnerabilities/5615 •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1

Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability. • http://www.acrossecurity.com/aspr/ASPR-2000-07-22-2-PUB.txt http://www.securityfocus.com/bid/1793 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-076 https://exchange.xforce.ibmcloud.com/vulnerabilities/5367 •