CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4844
https://notcve.org/view.php?id=CVE-2005-4844
The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. • http://www.securityfocus.com/archive/1/391803 •
CVSS: 7.5EPSS: 14%CPEs: 29EXPL: 1CVE-2005-4827
https://notcve.org/view.php?id=CVE-2005-4827
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks. • http://seclists.org/fulldisclosure/2007/Feb/0081.html http://www.securityfocus.com/archive/1/411585 http://www.securityfocus.com/archive/1/459172/100/0/threaded http://www.securityfocus.com/bid/14969 •
CVSS: 5.0EPSS: 7%CPEs: 8EXPL: 3CVE-2005-4717 – Microsoft Internet Explorer 6 - Malformed HTML Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2005-4717
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar. • https://www.exploit-db.com/exploits/26457 http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.html http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html http://www.securityfocus.com/bid/15268 •
CVSS: 4.3EPSS: 84%CPEs: 2EXPL: 0CVE-2005-4840
https://notcve.org/view.php?id=CVE-2005-4840
The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer. • http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html http://www.osvdb.org/26836 http://www.securityfocus.com/archive/1/391803 http://www.securityfocus.com/archive/1/470694/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/34755 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.1EPSS: 8%CPEs: 10EXPL: 0CVE-2005-3240
https://notcve.org/view.php?id=CVE-2005-3240
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. • http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx http://secunia.com/advisories/18787 http://securitytracker.com/id?1015049 http://www.osvdb.org/2707 http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html http://www.securityfocus.com/archive/1/424863/100/0/threaded http://www.securityfocus.com/archive/1/424940/100/0/threaded http://www.securityfocus.com/bid/16352 http://www.vupen.com/english/advisories/2006/0553 https://exchange.xforce.ibmcloud.com/vulnerabilities • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •