7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.826 High
EPSS
Percentile
98.4%
A telnet client can be invoked with unsafe options by arbitrary HTML (“web”) pages when rendered by affected Microsoft Internet Explorer clients.
This vulnerability is also known as the “telnet logging” or “telnet invocation” or “Microsoft IE Telnet Client File Overwrite” vulnerability. A similar vulnerability was first described in Microsoft Security Bulletin MS01-015.
When vulnerable versions of Internet Explorer render HTML with malicious ‘telnet:’ tags, the telnet.exe client can be called with unsafe arguments. A telnet option may be specified which directs transcripts or logs of a telnet session to overwrite or create arbitrary files on a victim’s system. These files could contain data chosen by an attacker to gain further privileges on a target system.
The telnet package used may be installed as part of the Services for UNIX 2.0 package on computers that are running Windows NT 4.0, Windows 2000, or Windows XP.
A remote attacker may write files onto the system of a user who either visited a malicious web site or opened malicious HTML-formatted mail.The vulnerability could be used to place a file onto the victim’s computer which could then run automatically each time the user logged on (i.e., a file installed in the victim’s Start folder can allow arbitrary commands to be executed).
Apply the patch provided by Microsoft at
<http://www.microsoft.com/windows/ie/downloads/critical/q306121/default.asp>
Note this patch can only be applied after having upgraded to Internet Explorer 5.5 Service Pack 2 (SP2), Internet Explorer 5.01 SP2, or having applied the patch fixing the original vulnerability, Q28043.
No previous updates are needed to patch and remove this vulnerability in Internet Explorer 6 clients.
Alternately, remove the telnet client installed as part of the “Services for Unix 2.0” package, if installed.
952611
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: November 28, 2001
Affected
Please see MS01-051 at:
<http://www.microsoft.com/technet/security/bulletin/ms01-051.asp>
Systems affected include:
* Microsoft Internet Explorer versions 5.01 Service Pack 1, 5.5, 5.5 Service Pack 1 for Windows 2000
* Microsoft Internet Explorer versions 5.01 Service Pack 1, 5.5, 5.5 Service Pack 1 for Windows 95
* Microsoft Internet Explorer versions 5.01 Service Pack 1, 5.5, 5.5 Service Pack 1 for Windows 98
* Microsoft Internet Explorer versions 5.01 Service Pack 1, 5.5, 5.5 Service Pack 1 for Windows 98 Second Edition
* Microsoft Internet Explorer versions 5.01 Service Pack 1, 5.5, 5.5 Service Pack 1 for Windows NT 4.0
* Microsoft Internet Explorer version 6 for Windows 2000
* Microsoft Internet Explorer version 6 for Windows 98
* Microsoft Internet Explorer version 6 for Windows 98 Second Edition
* Microsoft Internet Explorer version 6 for Windows Millennium Edition
* Microsoft Internet Explorer version 6 for Windows NT 4.0
* Microsoft Internet Explorer version 6 for Windows XP
The vendor has not provided us with any further information regarding this vulnerability.
The following is a Security Bulletin from the Microsoft Product Security Notification Service.
`Please do not reply to this message, as it was sent from an unattended
mailbox.
-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------
Title: Malformed Dotless IP Address Can Cause Web Page to be
Handled in Intranet Zone
Date: 10 October 2001
Software: Internet Explorer
Impact: Three vulnerabilities:
Microsoft encourages customers to review the Security Bulletin at:<http://www.microsoft.com/technet/security/bulletin/MS01-051.asp>
.
Issue:<http://031713501415>
rather than <http://207.46.131.13>
), and the
The second involves how IE handles URLs that specify third-party
The third is a new variant of a vulnerability discussed in Microsoft
Mitigating Factors:Zone Spoofing vulnerability:
Patch Availability:<http://www.microsoft.com/technet/security/bulletin/ms01-051.asp>
Acknowledgment:
- ---------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS-----BEGIN PGP SIGNATURE----- Version: PGP 7.1
iQEVAwUBO8TtC40ZSRQxA/UrAQHy0Af+MZN2lTMZ4+pE0uemyAZQjVKW52+L5LkD nzUEE6pUz5ZSCRNQBxjMUD53FDJYuIuopjp65w/Tc2oAnDbLwq0Zjm9p36egJCbG y8v6ZwSgG1SSMsM0IBsH651TLvUjbnURpE5h3aMFwtjUH2I/LmBxV2dGMlmZ4xuN jvNCyulh6o9ES2bxdKCRGznoE1afrbC8FMtaYqVKLRUuhTfQ997Z9wO4cxBSLeKM owHlkmUpL+bHA+to62F3gL/bIkPoYW2+LTG8GHNewJqsib4TNRW3dI+bFfKNhOap jCAzSVF8AtM7vTf1vAUMA1FRoJr25Obg2P3ZAiunvG9LTKeqM1/jbA== =pdOt -----END PGP SIGNATURE-----
******************************************************************* You have received this e-mail bulletin as a result of your registration to the Microsoft Product Security Notification Service. You may unsubscribe from this e-mail notification service at any time by sending an e-mail to [email protected] The subject line and message body are not used in processing the request, and can be anything you like.
To verify the digital signature on this bulletin, please download our PGP key at ``<http://www.microsoft.com/technet/security/notify.asp>``.
For more information on the Microsoft Security Notification Service please visit ``<http://www.microsoft.com/technet/security/notify.asp>``. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at ``<http://www.microsoft.com/security>``.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23952611 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This variant of the IE “Telnet Invocation” vulnerability first discussed in CVE-2001-0150 was discussed in Microsoft Security Bulletin MS01-051.
This document was written by Jeffrey S. Havrilla.
CVE IDs: | CVE-2001-0667 |
---|---|
Severity Metric: | 30.38 Date Public: |
cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0667
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0150
support.microsoft.com/support/kb/articles/Q286/0/43.ASP
www.cert.org/advisories/CA-2001-21.html
www.ciac.org/ciac/bulletins/l-061.shtml
www.microsoft.com/technet/security/bulletin/MS01-015.asp
www.microsoft.com/technet/security/bulletin/MS01-051.asp
www.microsoft.com/windows/ie/download/critical/q286043/default.asp
www.microsoft.com/windows/ie/downloads/critical/q306121/default.asp
www.securityfocus.com/bid/2463
xforce.iss.net/static/6230.php