CVSS: 5.0EPSS: 96%CPEs: 16EXPL: 3CVE-2004-0841 – Microsoft Internet Explorer 5.0.1 - Popup.show Mouse Event Hijacking
https://notcve.org/view.php?id=CVE-2004-0841
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." Internet Explorer 6.x permite a atacantes remotos instalar programas de su elección mediante eventos mousedown que llaman al método Popup.show y usan acciones "arrastrar y soltar" en una ventana emergente, también conocida como "HijackClick 3" y la "Vulnerabilidad de descarga de fichero con scritp en etiqueta de imagen" • https://www.exploit-db.com/exploits/24266 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html http://secunia.com/advisories/12048 http://securitytracker.com/id?1010679 http://www.kb.cert.org/vuls/id/413886 http://www.osvdb.org/7774 http://www.securityfocus.com/archive/1/368652 http://www.securityfocus.com/archive/1/368666 http://www.securityfocus.com/bid/10690 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en- •
CVSS: 5.0EPSS: 89%CPEs: 46EXPL: 1CVE-2004-0839
https://notcve.org/view.php?id=CVE-2004-0839
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". • http://marc.info/?l=bugtraq&m=109303291513335&w=2 http://marc.info/?l=bugtraq&m=109336221826652&w=2 http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html http://www.kb.cert.org/vuls/id/526089 http://www.securityfocus.com/bid/10973 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17044 https://oval.cisecurity.org/repository/search&# •
CVSS: 7.5EPSS: 94%CPEs: 10EXPL: 0CVE-2004-0719
https://notcve.org/view.php?id=CVE-2004-0719
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Internet Explorer para Mac 5.2.3, Internet Explorer 6 en Windows XP, u posiblemente otras versiones, no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantación de sitios web y otros ataques. Vulnerabilidad también conocida como "de inyección de marco". • http://secunia.com/advisories/11966 http://secunia.com/advisories/11978 http://secunia.com/multiple_browsers_frame_injection_vulnerability_test https://exchange.xforce.ibmcloud.com/vulnerabilities/1598 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 1CVE-2004-0727 – Microsoft Internet Explorer 5.0.1 - JavaScript Method Assignment Cross-Domain Scripting
https://notcve.org/view.php?id=CVE-2004-0727
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." Microsoft Internet Explorer 6.0.2800.1106 sobre Windows XP SP2 permite a servidores web remotos saltarse restricciones de zona y ejecutar código de su elección en la zona del PC local redirigiendo una función a otra función con el mismo nombre, como se ha demostrado por SimilarMethodNameRedir • https://www.exploit-db.com/exploits/24265 http://freehost07.websamba.com/greyhats/similarmethodnameredir.htm http://marc.info/?l=bugtraq&m=108966512815373&w=2 http://secunia.com/advisories/12048 http://www.kb.cert.org/vuls/id/207264 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/16681 https://oval.cisecurity.org/repository/search/definition/oval%3 •
CVSS: 10.0EPSS: 77%CPEs: 18EXPL: 0CVE-2003-1048
https://notcve.org/view.php?id=CVE-2003-1048
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. mshtml.dll de ciertas versiones de Internet Explorer 6.x permite a atacantes remotos causar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código arbitrario mediante una imagen GIF malformada que dispara un desbordamiento de búfer. • http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.html http://www.ciac.org/ciac/bulletins/o-191.shtml http://www.kb.cert.org/vuls/id/685364 http://www.securityfocus.com/bid/8530 http://www.us-cert.gov/cas/techalerts/TA04-212A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/200 • CWE-415: Double Free •