ID CVE-2001-0154 Type cve Reporter NVD Modified 2017-10-09T21:29:37
Description
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
{"id": "CVE-2001-0154", "bulletinFamily": "NVD", "title": "CVE-2001-0154", "description": "HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.", "published": "2001-05-03T00:00:00", "modified": "2017-10-09T21:29:37", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0154", "reporter": "NVD", "references": ["http://www.cert.org/advisories/CA-2001-06.html", "http://www.microsoft.com/technet/security/bulletin/MS01-020.asp", "http://securitytracker.com/id?1001197", "https://exchange.xforce.ibmcloud.com/vulnerabilities/6306", "http://www.securityfocus.com/bid/2524", "http://www.ciac.org/ciac/bulletins/l-066.shtml", "http://marc.info/?l=bugtraq&m=98596775905044&w=2"], "cvelist": ["CVE-2001-0154"], "type": "cve", "lastseen": "2017-10-10T10:34:41", "history": [{"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:141", "name": "oval:org.mitre.oval:def:141", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:ie:5.5", "cpe:/a:microsoft:ie:5.01"], "cvelist": ["CVE-2001-0154"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.", "edition": 2, "enchantments": {}, "hash": "c5ae80886cd58ff9bc94a8f6a806ee1f823a3d441978aad31f3ede8fcd5028d4", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "aa5fb645bbad12211b20ebfc351cb090", "key": "modified"}, {"hash": "11f54a954318df8cf18907285d7d488e", "key": "cpe"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "ab997b4408db2a44f9b4aa2534cb70f2", "key": "title"}, {"hash": "8636a29e0b2bd1ecec16ccc82cdbfe59", "key": "cvelist"}, {"hash": "5aa78f8279ded8c54ff71c4a525529e4", "key": "href"}, {"hash": "1146001a7d01649401195721d829b0ee", "key": "published"}, {"hash": "4f9bf2cd16032538f20d53c9ca07ad28", "key": "assessment"}, {"hash": "d3576c93676f8916921a52c3379b7c86", "key": "scanner"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "5cd3fcff48c10eeaabbae578fc1f6447", "key": "references"}, {"hash": "8334c5a5032e9978f4e0e8e67982767a", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0154", "id": "CVE-2001-0154", "lastseen": "2017-04-18T15:49:27", "modified": "2016-10-17T22:10:03", "objectVersion": "1.2", "published": "2001-05-03T00:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/6306", "http://www.cert.org/advisories/CA-2001-06.html", "http://www.microsoft.com/technet/security/bulletin/MS01-020.asp", "http://securitytracker.com/id?1001197", "http://www.securityfocus.com/bid/2524", "http://www.ciac.org/ciac/bulletins/l-066.shtml", "http://marc.info/?l=bugtraq&m=98596775905044&w=2"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:141", "name": "oval:org.mitre.oval:def:141", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2001-0154", "type": "cve", "viewCount": 4}, "differentElements": ["references", "assessment", "modified"], "edition": 2, "lastseen": "2017-04-18T15:49:27"}, {"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:141", "name": "oval:org.mitre.oval:def:141", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:ie:5.5", "cpe:/a:microsoft:ie:5.01"], "cvelist": ["CVE-2001-0154"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.", "edition": 1, "hash": "7cad93f24f41e03a0ccf986edfe40c811922b7252ed1bc3ee4a198c0272a2828", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "11f54a954318df8cf18907285d7d488e", "key": "cpe"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "ab997b4408db2a44f9b4aa2534cb70f2", "key": "title"}, {"hash": "8636a29e0b2bd1ecec16ccc82cdbfe59", "key": "cvelist"}, {"hash": "5aa78f8279ded8c54ff71c4a525529e4", "key": "href"}, {"hash": "1146001a7d01649401195721d829b0ee", "key": "published"}, {"hash": "4f9bf2cd16032538f20d53c9ca07ad28", "key": "assessment"}, {"hash": "d3576c93676f8916921a52c3379b7c86", "key": "scanner"}, {"hash": "4ff560b7fcb997e3c63eab28bacbd2c5", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "8334c5a5032e9978f4e0e8e67982767a", "key": "description"}, {"hash": "36493a79337cb9f9f3fbd7a52b4cdeac", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0154", "id": "CVE-2001-0154", "lastseen": "2016-09-03T02:53:52", "modified": "2008-09-05T16:23:24", "objectVersion": "1.2", "published": "2001-05-03T00:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/6306", "http://www.cert.org/advisories/CA-2001-06.html", "http://www.microsoft.com/technet/security/bulletin/MS01-020.asp", "http://securitytracker.com/id?1001197", "http://www.securityfocus.com/bid/2524", "http://www.ciac.org/ciac/bulletins/l-066.shtml", "http://marc.theaimsgroup.com/?l=bugtraq&m=98596775905044&w=2"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:141", "name": "oval:org.mitre.oval:def:141", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2001-0154", "type": "cve", "viewCount": 3}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T02:53:52"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "c4401ae50fa92fb9af66709bae3ce365"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "11f54a954318df8cf18907285d7d488e"}, {"key": "cvelist", "hash": "8636a29e0b2bd1ecec16ccc82cdbfe59"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "8334c5a5032e9978f4e0e8e67982767a"}, {"key": "href", "hash": "5aa78f8279ded8c54ff71c4a525529e4"}, {"key": "modified", "hash": "19e6229eac06b8857fbb766bfe70d68a"}, {"key": "published", "hash": "1146001a7d01649401195721d829b0ee"}, {"key": "references", "hash": "238c256f8a338e4bb29299df2494a65e"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d3576c93676f8916921a52c3379b7c86"}, {"key": "title", "hash": "ab997b4408db2a44f9b4aa2534cb70f2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "affd6e831f75567944a18e2122cea69f5d431db5558115946a976e92427b6a0f", "viewCount": 4, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:microsoft:ie:5.5", "cpe:/a:microsoft:ie:5.01"], "assessment": {"href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A141", "name": "oval:org.mitre.oval:def:141", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:141", "name": "oval:org.mitre.oval:def:141", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}]}
{"result": {"cert": [{"id": "VU:980499", "type": "cert", "title": "Certain MIME types can cause Internet Explorer to execute arbitrary code when rendering HTML", "description": "### Overview\n\nA vulnerability exists in Microsoft Internet Explorer that allows a malicious agent to execute arbitrary code when parsing MIME parts in a document. Any user or program that uses vulnerable versions of Internet Explorer to render HTML in a document (for example, when browsing a filesystem, reading email or news messages, or visiting a web page), should immediately upgrade to a non-vulnerable version of Internet Explorer.\n\n### Description\n\nInternet Explorer contains a [table](<http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp>) which is used to determine the handling of [MIME](<http://www.ietf.org/rfc/rfc2045.txt>) types encountered in any HTML document (email messages, newsgroup postings, web pages, or local files). This table contains a set of entries that cause Internet Explorer to do the wrong thing with certain MIME parts, introducing a security vulnerability. Specifically, these incorrect entries lead IE to open specific MIME parts without giving the end user the opportunity to say if they should be opened. This vulnerability allows an intruder to construct a malicious content that, when viewed in Internet Explorer (or any program that uses the IE HTML rendering engine) can execute arbitrary code. It is not necessary to run an attachment; simply viewing the document in a vulnerable program is sufficient. \n\nThe systems affected by this vulnerability include: \n\n\n * All Windows versions of Microsoft Internet Explorer 5.5 SP1 or earlier, except IE 5.01 SP2, running on x86 platforms \n * Any software which utilizes vulnerable versions of Internet Explorer to render HTML\n \nIE 6 is not affected by this issue. \n \nFor more details, see Microsoft Security Bulletin MS01-020 (or Microsoft Knowledgebase article [Q290108](<http://support.microsoft.com/support/kb/articles/Q290/1/08.ASP>)) on this topic at: \n\n\n<http://www.microsoft.com/technet/security/bulletin/MS01-020.asp> \nNote: The above patch has been superseded by the IE 5.5 patches discussed in [MS01-027](<http://www.microsoft.com/technet/security>). On May 15, 2002, Microsoft released a cumulative set of patches for Internet Explorer as discussed in [MS02-023](<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-023.asp>). \n \nThere have been reports that simply previewing HTML content (as in a mail client or filesystem browser) is sufficient to trigger the vulnerability. \n \nThis vulnerability is now being actively exploited. More information about the activity and remediation can be found in CERT Advisory [CA-2001-26](<http://www.cert.org/advisories/CA-2001-26.html>): Nimda Worm. This vulnerability has been exploited further, as discussed in CERT Incident Note [IN-2002-05](<http://www.cert.org/incident_notes/IN-2002-05.html>). \n \n--- \n \n### Impact\n\nAttackers can cause arbitrary code to be executed on a victim's system by embedding the code in a malicious email, or news message, or web page. \n \n--- \n \n### Solution\n\nUpgrade to IE 6, or apply the patch from Microsoft, available at: \n\n\n<http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp> \nNote: The above patch has been superseded by the IE 5.5 patches discussed in [MS01-027](<http://www.microsoft.com/technet/security>). A cumulative patch for this and other vulnerabilities is discussed in [MS02-023](<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-023.asp>). \n \n--- \n \n \nIt has been reported that upgrading to the latest version of Windows Media Player is an additional means to protect yourself from this problem. Although this appears to protect you from a specific way to exploit this vulnerability, we do not believe it is a general purpose fix. Disabling File Downloading in all of your Security Zones will also mitigate against the risks posed by the vulnerability. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nLotus Software| | 30 Mar 2001| 05 Apr 2001 \nMicrosoft Corporation| | -| 17 Jul 2002 \nCyrusoft| | 30 Mar 2001| 30 Mar 2001 \nNetscape Communications Corporation| | 30 Mar 2001| 12 Apr 2001 \nOpera Software| | 30 Mar 2001| 02 Apr 2001 \nQUALCOMM| | 30 Mar 2001| 30 Mar 2001 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23980499 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.cert.org/advisories/CA-2001-06.html>\n * <http://www.cert.org/advisories/CA-2001-26.html>\n * <http://www.microsoft.com/technet/security/bulletin/MS01-020.asp>\n * <http://www.microsoft.com/technet/security/bulletin/MS01-027.asp>\n * <http://support.microsoft.com/support/kb/articles/Q299/6/18.ASP>\n * <http://support.microsoft.com/support/kb/articles/Q290/1/08.ASP>\n * <http://www.kriptopolis.com/>\n * <http://www.faqs.org/rfcs/rfc2387.html>\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0154>\n * <http://www.securityfocus.com/bid/2524>\n * <http://www.securitytracker.com/alerts/2001/Mar/1001197.html>\n * <http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp>\n * <http://www.ietf.org/rfc/rfc2045.txt>\n\n### Credit\n\nMicrosoft has acknowledged [Juan Carlos Cuartango](<http://www.kriptopolis.com/>) as bringing this issue to their attention.\n\nThis document was written by Jeffrey S. Havrilla and Shawn V. Hernan. \n\n### Other Information\n\n * CVE IDs: [CVE-2001-0154](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0154>)\n * CERT Advisory: [CA-2001-06](<http://www.cert.org/advisories/CA-2001-06.html>)\n * Date Public: 29 Mar 2001\n * Date First Published: 30 Mar 2001\n * Date Last Updated: 05 Mar 2004\n * Severity Metric: 60.75\n * Document Revision: 40\n\n", "published": "2001-03-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/980499", "cvelist": ["CVE-2001-0154", "CVE-2001-0154", "CVE-2001-0154"], "lastseen": "2016-02-03T09:12:46"}], "openvas": [{"id": "OPENVAS:136141256231011135", "type": "openvas", "title": "Bugbear worm", "description": "BugBear backdoor is listening on this port. \nA cracker may connect to it to retrieve secret \ninformation, e.g. passwords or credit card numbers...\n\nThe BugBear worm includes a key logger and can kill \nantivirus or personal firewall softwares. It propagates \nitself through email and open Windows shares.\nDepending on the antivirus vendor, it is known as: Tanatos, \nI-Worm.Tanatos, NATOSTA.A, W32/Bugbear-A, Tanatos, W32/Bugbear@MM, \nWORM_BUGBEAR.A, Win32.BugBear...\n\nhttp://www.sophos.com/virusinfo/analyses/w32bugbeara.html\nhttp://www.ealaddin.com/news/2002/esafe/bugbear.asp\nhttp://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.html\nhttp://vil.nai.com/vil/content/v_99728.htm\n\nReference : http://online.securityfocus.com/news/1034\nReference : http://support.microsoft.com/default.aspx?scid=KB;en-us;329770&", "published": "2005-11-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231011135", "cvelist": ["CVE-2001-0154"], "lastseen": "2018-04-06T11:08:05"}, {"id": "OPENVAS:11135", "type": "openvas", "title": "Bugbear worm", "description": "BugBear backdoor is listening on this port. \nA cracker may connect to it to retrieve secret \ninformation, e.g. passwords or credit card numbers...\n\nThe BugBear worm includes a key logger and can kill \nantivirus or personal firewall softwares. It propagates \nitself through email and open Windows shares.\nDepending on the antivirus vendor, it is known as: Tanatos, \nI-Worm.Tanatos, NATOSTA.A, W32/Bugbear-A, Tanatos, W32/Bugbear@MM, \nWORM_BUGBEAR.A, Win32.BugBear...\n\nhttp://www.sophos.com/virusinfo/analyses/w32bugbeara.html\nhttp://www.ealaddin.com/news/2002/esafe/bugbear.asp\nhttp://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.html\nhttp://vil.nai.com/vil/content/v_99728.htm\n\nReference : http://online.securityfocus.com/news/1034\nReference : http://support.microsoft.com/default.aspx?scid=KB;en-us;329770&", "published": "2005-11-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=11135", "cvelist": ["CVE-2001-0154"], "lastseen": "2017-07-02T21:09:10"}], "osvdb": [{"id": "OSVDB:7806", "type": "osvdb", "title": "Microsoft IE HTML E-mail Feature Unusual MIME Type Command Execution", "description": "# No description provided by the source\n\n## References:\nMicrosoft Security Bulletin: MS01-020\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-04/0016.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-03/0474.html\nISS X-Force ID: 6306\n[CVE-2001-0154](https://vulners.com/cve/CVE-2001-0154)\nCIAC Advisory: l-066\nCERT VU: 980499\nCERT: CA-2001-06\nBugtraq ID: 2524\n", "published": "2001-03-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:7806", "cvelist": ["CVE-2001-0154"], "lastseen": "2017-04-28T13:20:02"}], "nessus": [{"id": "BUGBEAR.NASL", "type": "nessus", "title": "Bugbear Worm Detection", "description": "The BugBear backdoor is listening on this port. An attacker may connect to it to retrieve secret information such as passwords, credit card numbers, etc.\n\nThe BugBear worm includes a keylogger and can kill antivirus and firewall software. It propagates through email and open Windows shares.\n\nDepending on the antivirus vendor, it is known as Tanatos, I-Worm.Tanatos, NATOSTA.A, W32/Bugbear-A, Tanatos, W32/Bugbear@MM, WORM_BUGBEAR.A, Win32.BugBear...", "published": "2002-10-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=11135", "cvelist": ["CVE-2001-0154"], "lastseen": "2017-08-31T16:29:14"}]}}
