CERT VU:916795
Sep 24, 2002 - 12:00 a.m.

Microsoft Internet Explorer (MSIE) Content-Disposition vulnerabilities

2002-09-24 00:00:00
www.kb.cert.org

CVSS2: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.061 Low
Percentile: 93.5%

Overview

Microsoft Internet Explorer (IE) may handle executable content automatically, opening it with another application on the client host that may, in turn, instruct the operating system to execute the file.

Description

IE does not properly verify the Content-Disposition and Content-Type headers of downloaded files. As a result, it may be manipulated to open an executable file with forged Content-Disposition and Content-Type headers, using the helper application associated with the MIME type specified by the forged headers.
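
A defender-side consistency check for the header pair described above, added here as an illustration (not code from CERT or Microsoft). It assumes a forged pair shows up as a Content-Type that does not match the Content-Disposition filename or the body's leading bytes; the extension and MIME-type lists and the sample responses are constructed.

```python
from email.message import Message

# Assumed lists (not from the advisory): what this check treats as executable.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".hta"}
EXECUTABLE_TYPES = {"application/octet-stream", "application/x-msdownload"}

def parse_headers(raw_headers):
    """Load 'Name: value' lines into a Message so MIME parameters get parsed."""
    msg = Message()
    for line in raw_headers.strip().splitlines():
        name, _, value = line.partition(":")
        msg[name.strip()] = value.strip()
    return msg

def audit_response(raw_headers, body):
    """Return findings for one HTTP response; an empty list means consistent."""
    msg = parse_headers(raw_headers)
    ctype = msg.get_content_type()        # lower-cased type/subtype
    filename = msg.get_filename() or ""   # Content-Disposition filename=
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    declared_executable = ctype in EXECUTABLE_TYPES
    findings = []
    if ext in EXECUTABLE_EXTS and not declared_executable:
        findings.append(f"filename {filename!r} is executable, Content-Type is {ctype}")
    if body[:2] == b"MZ" and not declared_executable:
        findings.append(f"body starts with MZ magic, Content-Type is {ctype}")
    return findings

# Constructed sample responses (headers, first body bytes); not captured traffic.
MISMATCHED = ('Content-Type: text/plain\n'
              'Content-Disposition: attachment; filename="notes.exe"', b"MZ\x90\x00")
DOCUMENT = ('Content-Type: application/pdf\n'
            'Content-Disposition: attachment; filename="report.pdf"', b"%PDF-1.4")
INSTALLER = ('Content-Type: application/octet-stream\n'
             'Content-Disposition: attachment; filename="setup.exe"', b"MZ\x90\x00")

if __name__ == "__main__":
    for label, (hdrs, body) in [("mismatched", MISMATCHED), ("document", DOCUMENT),
                                ("installer", INSTALLER)]:
        print(label, audit_response(hdrs, body))
```

A proxy or mail gateway can apply the same comparison to flag or block responses whose declared type and actual content disagree.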


Impact

Arbitrary code in the malicious file may be executed with the privileges of the client user.


Solution

Apply a patch from your vendor

See Microsoft Security Bulletin MS02-023 for more information:

<http://www.microsoft.com/technet/security/bulletin/MS02-023.asp>


Vendor Information


Microsoft Corporation: Affected

Notified: May 30, 2002 Updated: June 04, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See Microsoft Security Bulletin MS02-023 for more information:

<http://www.microsoft.com/technet/security/bulletin/MS02-023.asp>


Acknowledgements

Thanks to Microsoft for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs: CVE-2002-0193
Severity Metric: 12.38
Date Public:
