CVSS: 5.3EPSS: 25%CPEs: 9EXPL: 1CVE-2003-0116
https://notcve.org/view.php?id=CVE-2003-0116
26 Apr 2003 — Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution." Microsoft Internet Explorer 5.01, 5.5 y 6.0 no comprueba adecuadamente el parámetro de entrada de hoja de estilo en cascada (CSS) en diálogos modales, lo que permite a atacantes remotos lee... • http://www.kb.cert.org/vuls/id/244729 •
CVSS: 7.5EPSS: 11%CPEs: 9EXPL: 0CVE-2003-1326
https://notcve.org/view.php?id=CVE-2003-1326
19 Feb 2003 — Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box." Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos evitar el modelo de seguridad entre dominios (cros-domain) para correr script malicioso o programas arbitrarios mediante cuadros de díálogo. También conocida como "Validacíon de Seguridad Entre Dominios in... • http://www.ciac.org/ciac/bulletins/n-038.shtml •
CVSS: 8.8EPSS: 43%CPEs: 9EXPL: 1CVE-2003-1328 – Microsoft Internet Explorer 5 - ShowHelp Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2003-1328
19 Feb 2003 — The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality." La función showHelp() en Microsoft Internet Explorer 5.5 y 6.0 soporta ciertos tipos de protocolos enchufables (añadibles) qeu permiten a atacantes remotos evitar el modelo de seguridad de cruce de dominios y ejecutar... • https://www.exploit-db.com/exploits/22226 •
CVSS: 5.3EPSS: 33%CPEs: 4EXPL: 1CVE-2002-1671
https://notcve.org/view.php?id=CVE-2002-1671
31 Dec 2002 — Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers to monitor the contents of the clipboard via the getData method of the clipboardData object. • http://online.securityfocus.com/archive/1/250387/2002-10-11/2002-10-17/2 •
CVSS: 6.5EPSS: 23%CPEs: 6EXPL: 1CVE-2002-1714 – Microsoft Internet Explorer 5/6 - Self-Referential Object Denial of Service
https://notcve.org/view.php?id=CVE-2002-1714
31 Dec 2002 — Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion. • https://www.exploit-db.com/exploits/21404 •
CVSS: 6.5EPSS: 13%CPEs: 7EXPL: 1CVE-2002-1984
https://notcve.org/view.php?id=CVE-2002-1984
31 Dec 2002 — Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046". • http://seclists.org/bugtraq/2002/Jun/0303.html •
CVSS: 5.3EPSS: 33%CPEs: 7EXPL: 4CVE-2002-2031 – Microsoft Internet Explorer 5 - JavaScript Local File Enumeration
https://notcve.org/view.php?id=CVE-2002-2031
31 Dec 2002 — Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results. • https://www.exploit-db.com/exploits/21198 •
CVSS: 9.1EPSS: 22%CPEs: 9EXPL: 1CVE-2002-2311
https://notcve.org/view.php?id=CVE-2002-2311
31 Dec 2002 — Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue. • http://online.securityfocus.com/archive/1/283866 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 29%CPEs: 8EXPL: 0CVE-2002-1185
https://notcve.org/view.php?id=CVE-2002-1185
11 Dec 2002 — Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure." • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html •
CVSS: 7.5EPSS: 36%CPEs: 8EXPL: 1CVE-2002-1186
https://notcve.org/view.php?id=CVE-2002-1186
11 Dec 2002 — Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure." • http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html •