Vulnerabilities > CVE-2002-0023 - Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

microsoft

exploit available

NVD

Published: 2002-03-08

Updated: 2021-07-23

Summary

Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.01	3

Exploit-Db

description	Microsoft Internet Explorer 5/6 GetObject File Disclosure Vulnerability. CVE-2002-0023. Remote exploit for windows platform
id	EDB-ID:21195
last seen	2016-02-02
modified	2002-01-01
published	2002-01-01
reporter	Georgi Guninski
source	https://www.exploit-db.com/download/21195/
title	Microsoft Internet Explorer 5/6 GetObject File Disclosure Vulnerability

Oval

accepted

2014-02-24T04:00:22.161-05:00

class

vulnerability

contributors

name David Proulx
organization The MITRE Corporation
name Christine Walzer
organization The MITRE Corporation
name Maria Mikhno
organization ALTX-SOFT

description

Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.

family

windows

oval:org.mitre.oval:def:17

status

accepted

submitted

2003-11-12T05:00:00.000-04:00

title

IE GetObject Security Bypass

version

accepted

2014-02-24T04:03:17.744-05:00

class

vulnerability

contributors

name David Proulx
organization The MITRE Corporation
name Maria Mikhno
organization ALTX-SOFT

description

Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.

family

windows

oval:org.mitre.oval:def:40

status

accepted

submitted

2003-11-12T12:00:00.000-04:00

title

IE v5.5,SP2 GetObject File Retrieval

version

accepted

2014-02-24T04:03:20.775-05:00

class

vulnerability

contributors

name David Proulx
organization The MITRE Corporation
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.

family

windows

oval:org.mitre.oval:def:50

status

accepted

submitted

2003-11-12T12:00:00.000-04:00

title

IE v5.01 GetObject File Retrieval

version

accepted

2014-02-24T04:03:26.783-05:00

class

vulnerability

contributors

name David Proulx
organization The MITRE Corporation
name Maria Mikhno
organization ALTX-SOFT

description

Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.

family

windows

oval:org.mitre.oval:def:77

status

accepted

submitted

2003-11-12T12:00:00.000-04:00

title

IE v5.5 GetObject File Retrieval

version

Summary

Vulnerable Configurations

Exploit-Db

Oval

References