CVSS: 7.1EPSS: 94%CPEs: 3EXPL: 2CVE-2005-4089
https://notcve.org/view.php?id=CVE-2005-4089
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability." • http://secunia.com/advisories/17564 http://securitytracker.com/id?1016291 http://www.hacker.co.il/security/ie/css_import.html http://www.securityfocus.com/bid/15660 http://www.vupen.com/english/advisories/2005/2804 http://www.vupen.com/english/advisories/2006/2319 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556 https://oval.cisecurity.org/repository/search/defin • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 62%CPEs: 1EXPL: 2CVE-2005-3312
https://notcve.org/view.php?id=CVE-2005-3312
The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type. • http://marc.info/?l=bugtraq&m=113017003617987&w=2 http://securityreason.com/securityalert/18 http://www.computec.ch/download.php?view.683 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1746 http://www.securiteam.com/windowsntfocus/6F00B00EBY.html •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2005-2304
https://notcve.org/view.php?id=CVE-2005-2304
Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count. Microsoft MSN Messenger 9.0 e Internet Explorer 6.0 permiten que atacantes remotos causen una denegación de servicio (caída) mediante una imagen con un ICC Profile con un Tag Count grande. • http://www.securityfocus.com/archive/1/405377 http://www.securityfocus.com/bid/14288 •
CVSS: 2.6EPSS: 5%CPEs: 1EXPL: 2CVE-2005-2274
https://notcve.org/view.php?id=CVE-2005-2274
Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." • http://secunia.com/advisories/15491 http://secunia.com/advisories/15492 http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test http://secunia.com/secunia_research/2005-9/advisory http://www.microsoft.com/technet/security/advisory/902333.mspx •
CVSS: 5.0EPSS: 96%CPEs: 11EXPL: 1CVE-2005-2087 – Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow
https://notcve.org/view.php?id=CVE-2005-2087
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem. • https://www.exploit-db.com/exploits/1079 http://marc.info/?l=bugtraq&m=112006764714946&w=2 http://secunia.com/advisories/15891 http://securitytracker.com/id?1014329 http://www.auscert.org.au/render.html?it=5225 http://www.kb.cert.org/vuls/id/939605 http://www.kb.cert.org/vuls/id/959049 http://www.microsoft.com/technet/security/advisory/903144.mspx http://www.osvdb.org/17680 http://www.securityfocus.com/archive/1/404055 http://www.securityfocus.com/bid/ • CWE-399: Resource Management Errors •