Vulnerabilities > CVE-2001-0875 - Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
exploit available
NVD
Published: 2001-11-26
Updated: 2021-07-23

Summary

Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.

Vulnerable Configurations

Part Description Count
Application
Microsoft
2

Exploit-Db

  • descriptionMS Internet Explorer 6.0 SP2 File Download Security Warning Bypass. CVE-2001-0875. Remote exploit for windows platform
    idEDB-ID:641
    last seen2016-01-31
    modified2004-11-19
    published2004-11-19
    reportercyber_flash
    sourcehttps://www.exploit-db.com/download/641/
    titleMicrosoft Internet Explorer 6.0 SP2 File Download Security Warning Bypass
  • descriptionMicrosoft Internet Explorer 5.5/6.0 Spoofable File Extensions Vulnerability. CVE-2001-0875. Remote exploit for windows platform
    idEDB-ID:21164
    last seen2016-02-02
    modified2001-11-26
    published2001-11-26
    reporterStatiC
    sourcehttps://www.exploit-db.com/download/21164/
    titleMicrosoft Internet Explorer 5.5/6.0 Spoofable File Extensions Vulnerability

Oval

accepted2016-02-19T10:00:00.000-04:00
classvulnerability
contributors
  • nameTiffany Bergeron
    organizationThe MITRE Corporation
  • nameHarvey Rubinovitz
    organizationThe MITRE Corporation
  • nameChristine Walzer
    organizationThe MITRE Corporation
  • nameMaria Mikhno
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
descriptionInternet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
familywindows
idoval:org.mitre.oval:def:1014
statusaccepted
submitted2004-04-29T04:00:00.000-04:00
titleIE File Download Dialog Deception Vulnerability
version70

References