Vulnerabilities > CVE-2002-0193 - Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/6.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Exploit-Db
| description | Microsoft Internet Explorer 5.0.1/6.0 Content-Disposition Handling File Execution Vulnerability. CVE-2002-0192,CVE-2002-0193. Remote exploit for windows plat... |
| id | EDB-ID:21452 |
| last seen | 2016-02-02 |
| modified | 2002-05-15 |
| published | 2002-05-15 |
| reporter | Jani Laatikainen |
| source | https://www.exploit-db.com/download/21452/ |
| title | Microsoft Internet Explorer 5.0.1/6.0 Content-Disposition Handling File Execution Vulnerability |
Oval
accepted 2014-02-24T04:03:13.538-05:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Matthew Wojcik organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability. family windows id oval:org.mitre.oval:def:27 status accepted submitted 2004-01-27T12:00:00.000-04:00 title IE v5.01 Content Disposition/Type Arbitrary Code Execution version 73 accepted 2014-02-24T04:03:29.049-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Matthew Wojcik organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability. family windows id oval:org.mitre.oval:def:99 status accepted submitted 2004-01-27T05:00:00.000-04:00 title IE v6.0 Content Disposition/Type Arbitrary Code Execution version 73
References
- http://www.securityfocus.com/bid/4752
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A99
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A27
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9085
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023