Vulnerabilities > CVE-2001-0091 - Unspecified vulnerability in Microsoft Internet Explorer

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

high complexity

microsoft

NVD

Published: 2001-02-16

Updated: 2021-07-23

Summary

The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 4.0 Microsoft Internet Explorer 5.0 Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 5.5	4

References

http://www.osvdb.org/7820
https://exchange.xforce.ibmcloud.com/vulnerabilities/6085
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093