Vulnerabilities > CVE-2002-0188 - Unspecified vulnerability in Microsoft Internet Explorer 5.01/6.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

microsoft

NVD

Published: 2002-05-29

Updated: 2021-07-23

Summary

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 6.0	4

References

http://www.iss.net/security_center/static/9086.php
http://www.lac.co.jp/security/english/snsadv_e/48_e.html
http://archives.neohapsis.com/archives/bugtraq/2002-05/0126.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023