Vulnerabilities > CVE-2001-0727 - Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Oval
accepted | 2016-05-27T15:00:00.000-04:00 | ||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||
description | Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability." | ||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||
id | oval:org.mitre.oval:def:921 | ||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||
submitted | 2004-04-29T04:00:00.000-04:00 | ||||||||||||||||||||||||
title | IE File Execution User-prompt Bypass Vulnerability | ||||||||||||||||||||||||
version | 72 |
Saint
bid | 3578 |
description | Internet Explorer inline content filename extension vulnerability |
id | win_patch_ie_patch |
osvdb | 3033 |
title | inline_content_filename_ext |
type | client |
References
- http://www.cert.org/advisories/CA-2001-36.html
- http://www.kb.cert.org/vuls/id/443699
- http://www.ciac.org/ciac/bulletins/m-027.shtml
- http://www.securityfocus.com/bid/3578
- http://www.osvdb.org/3033
- http://marc.info/?l=bugtraq&m=100835204509262&w=2
- http://marc.info/?l=bugtraq&m=100861273114437&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A921
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7703
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-058