Vulnerabilities > CVE-2001-0002 - Unspecified vulnerability in Microsoft Internet Explorer and Windows Script Host
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
Vulnerable Configurations
Oval
| accepted | 2014-02-24T04:03:28.132-05:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| description | Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. | ||||||||
| family | windows | ||||||||
| id | oval:org.mitre.oval:def:920 | ||||||||
| status | accepted | ||||||||
| submitted | 2004-04-29T12:00:00.000-04:00 | ||||||||
| title | IE Cached Content Command Execution Vulnerability | ||||||||
| version | 66 |
References
- http://www.guninski.com/chmtempmain.html
- http://www.securityfocus.com/bid/2456
- http://www.osvdb.org/7823
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5567
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015