7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.061 Low
EPSS
Percentile
93.5%
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the “Content Disposition” vulnerability.
www.securityfocus.com/bid/4752
docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023
exchange.xforce.ibmcloud.com/vulnerabilities/9085
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A27
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A99