CVSS: 5.0EPSS: 93%CPEs: 2EXPL: 1CVE-2004-1043 – Microsoft Internet Explorer (Windows XP SP2) - HTML Help Control Local Zone Bypass
https://notcve.org/view.php?id=CVE-2004-1043
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability." • https://www.exploit-db.com/exploits/719 http://archives.neohapsis.com/archives/bugtraq/2004-12/0426.html http://www.kb.cert.org/vuls/id/972415 http://www.us-cert.gov/cas/techalerts/TA05-012B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/18311 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1349 https://oval.cisecurity.org/repository/search/definition/oval%3A •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0CVE-2004-1416
https://notcve.org/view.php?id=CVE-2004-1416
pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag. • http://marc.info/?l=bugtraq&m=110374765215675&w=2 http://www.osvdb.org/12660 •
CVSS: 5.1EPSS: 81%CPEs: 5EXPL: 2CVE-2004-2383 – Microsoft Internet Explorer 5/6 - Cross-Domain Event Leakage
https://notcve.org/view.php?id=CVE-2004-2383
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE. • https://www.exploit-db.com/exploits/23766 http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities&flashstatus=false http://www.securityfocus.com/bid/9761 https://exchange.xforce.ibmcloud.com/vulnerabilities/15337 •
CVSS: 5.0EPSS: 94%CPEs: 3EXPL: 1CVE-2004-1376
https://notcve.org/view.php?id=CVE-2004-1376
Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. • http://marc.info/?l=bugtraq&m=110461358930103&w=2 http://secunia.com/advisories/13704 http://www.7a69ezine.org/node/view/176 •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 1CVE-2004-1198
https://notcve.org/view.php?id=CVE-2004-1198
Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1221.html http://www.securityfocus.com/archive/1/382257 http://www.securityfocus.com/bid/11751 https://exchange.xforce.ibmcloud.com/vulnerabilities/18282 •