Vulnerabilities > CVE-2001-0727 - Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
NVD
Published: 2001-12-14
Updated: 2021-07-23

Summary

Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."

Vulnerable Configurations

Part Description Count
Application
Microsoft
2

Oval

accepted2016-05-27T15:00:00.000-04:00
classvulnerability
contributors
  • nameTiffany Bergeron
    organizationThe MITRE Corporation
  • nameHarvey Rubinovitz
    organizationThe MITRE Corporation
  • nameChristine Walzer
    organizationThe MITRE Corporation
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
commentMicrosoft Internet Explorer 6 is installed
ovaloval:org.mitre.oval:def:563
descriptionInternet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
familywindows
idoval:org.mitre.oval:def:921
statusaccepted
submitted2004-04-29T04:00:00.000-04:00
titleIE File Execution User-prompt Bypass Vulnerability
version72

Saint

bid3578
descriptionInternet Explorer inline content filename extension vulnerability
idwin_patch_ie_patch
osvdb3033
titleinline_content_filename_ext
typeclient

References