Vulnerabilities > CVE-2001-1497 - Unspecified vulnerability in Microsoft IE and Internet Explorer

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

microsoft

NVD

Published: 2001-12-31

Updated: 2021-07-23

Summary

Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 4.0.1 Microsoft Internet Explorer 4.0 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0 Microsoft IE 4.1 Microsoft IE 4.0.1 Microsoft IE 4.0	13

References

http://www.securityfocus.com/archive/1/241323
http://www.securityfocus.com/archive/1/241400
http://www.securityfocus.com/bid/3563
http://www.iss.net/security_center/static/7592.php