CVSS: 4.6EPSS: 17%CPEs: 15EXPL: 0CVE-2004-0979
https://notcve.org/view.php?id=CVE-2004-0979
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration. • http://www.kb.cert.org/vuls/id/630720 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17820 •
CVSS: 10.0EPSS: 96%CPEs: 5EXPL: 1CVE-2004-0214 – Microsoft Windows XP/2000/NT 4.0 - Shell Long Share Name Buffer Overrun
https://notcve.org/view.php?id=CVE-2004-0214
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. Desbordamiento de búfer en Microsoft Internet Explorer y Explorador de Windows XP SP1, 2000, 98 y Me puede permitir a usuarios remotos maliciosos causar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código de su elección mediante nombres de recursos compartidos largos, como se ha demostrado usando Samba. • https://www.exploit-db.com/exploits/24051 http://seclists.org/lists/bugtraq/2004/Apr/0322.html http://seclists.org/lists/fulldisclosure/2004/Apr/0933.html http://secunia.com/advisories/11482 http://securitytracker.com/id?1011647 http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B322857 http://www.kb.cert.org/vuls/id/616200 http://www.osvdb.org/5687 http://www.securiteam.com/windowsntfocus/5JP0M1PCKI.html http://www.securityfocus.com/bid/10213 https://docs.m •
CVSS: 7.5EPSS: 1%CPEs: 27EXPL: 0CVE-2004-0867
https://notcve.org/view.php?id=CVE-2004-0867
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. Mozilla Firefox 0.9.2 pemite a sitios web establecer cookies para dominios de nivel superior específicos de países, como .ltd.uk, .plc.uk, y .sch.uk, lo que podría permitir a atacantes remotos realizar ataques de fijación de sesión y secuestrar sesiones HTTP de un usuario. NOTA: se ha informado posteriormente que la versión 2.X también se encuentra afectada por esta vulnerabilidad. • http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html http://marc.info/?l=bugtraq&m=109536612321898&w=2 http://secunia.com/advisories/12580 http://securitytracker.com/id?1011331 http://www.securityfocus.com/bid/11186 https://bugzilla.mozilla.org/show_bug.cgi?id=252342 https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2004-0866
https://notcve.org/view.php?id=CVE-2004-0866
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109536612321898&w=2 http://securitytracker.com/id?1011332 http://www.securityfocus.com/bid/11186 https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 •
CVSS: 7.5EPSS: 96%CPEs: 16EXPL: 3CVE-2004-0842 – Microsoft Internet Explorer 5.0.1 - Style Tag Comment Memory Corruption
https://notcve.org/view.php?id=CVE-2004-0842
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability." Internet Explorer 6.1 SP1 y anteriores, y posiblemente otras versiones, permiten a atacantes remotos causar una denegación de servicio (caída de aplicación por "corrupción de memoria") mediante ciertos elementos de Hoja de Estilos en Cascada (CSS), como se ha demostrado usanto la cadena "<STYLE>@;/*", posiblemente debido a un terminador de comentario ausente que puede causar una longitud inválida que dispare una operación de copia de memoria grande. • https://www.exploit-db.com/exploits/24328 http://marc.info/?l=bugtraq&m=109107496214572&w=2 http://marc.info/?l=full-disclosure&m=109060455614702&w=2 http://marc.info/?l=full-disclosure&m=109102919426844&w=2 http://secunia.com/advisories/12806 http://www.ciac.org/ciac/bulletins/p-006.shtml http://www.ecqurity.com/adv/IEstyle.html http://www.kb.cert.org/vuls/id/291304 http://www.securiteam.com/exploits/5NP042KF5A.html http://www.securityfocus.com/bid/10816&# •