7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.061 Low
EPSS
Percentile
93.5%
Microsoft Internet Explorer (IE) may handle executable content automatically, opening it with another application on the client host that may, in turn, instruct the operating system to execute the file.
IE does not properly verify the Content-Disposition and Content-Type headers of downloaded files. As a result, it may be manipulated to open an executable file with forged Content-Disposition and Content-Type headers, using the helper application associated with the MIME type specified by the forged headers.
Arbitrary code in the malicious file may be executed, with privileges of the client user.
Apply a patch from your vendor
See Microsoft Security Bulletin MS02-023 for more information:
<http://www.microsoft.com/technet/security/bulletin/MS02-023.asp>
916795
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: May 30, 2002 Updated: June 04, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See Microsoft Security Bulletin MS02-023 for more information:
<http://www.microsoft.com/technet/security/bulletin/MS02-023.asp>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23916795 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Microsoft for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
CVE IDs: | CVE-2002-0193 |
---|---|
Severity Metric: | 12.38 Date Public: |