CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.963 High
EPSS Percentile: 99.5%
Added: 11/25/2005
CVE: CVE-2001-0727
BID: 3578
OSVDB: 3033
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
Using a null byte (%00) in the filename field found in the Content-disposition header, a remote web server may be able to disguise the content type of a downloaded file, leading to code execution. If “inline” is specified in the Content-disposition header, command execution could automatically occur without any user interaction.
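For detection at a proxy or in captured response headers, the check below flags a Content-disposition filename that decodes to a NUL byte and rates the "inline" case higher. It is an added example, not part of the original advisory; the function names, severity labels, and sample responses are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# filename="quoted" or filename=token inside a Content-Disposition value
_FILENAME = re.compile(r'filename\s*=\s*(?:"([^"]*)"|([^;\s]*))', re.IGNORECASE)

def _decode(raw, rounds=3):
    """Percent-decode repeatedly so a double-encoded %2500 is caught too."""
    data = raw.encode("utf-8")
    for _ in range(rounds):
        nxt = unquote_to_bytes(data)
        if nxt == data:
            break
        data = nxt
    return data

def check_disposition(value):
    """Return a finding dict when the filename carries a NUL byte, else None."""
    m = _FILENAME.search(value)
    if not m:
        return None
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    decoded = _decode(raw)
    if b"\x00" not in decoded:
        return None
    before, _, after = decoded.partition(b"\x00")
    kind = value.split(";", 1)[0].strip().lower()
    return {
        "disposition": kind,
        # "inline" is the case the advisory says needs no user interaction;
        # the high/medium labels are this example's own convention
        "severity": "high" if kind == "inline" else "medium",
        "before_nul": before.decode("latin-1"),
        "after_nul": after.decode("latin-1"),
    }

def scan(responses):
    """responses: iterable of (url, header_dict); returns [(url, finding)]."""
    out = []
    for url, headers in responses:
        for name, value in headers.items():
            if name.lower() == "content-disposition":
                finding = check_disposition(value)
                if finding:
                    out.append((url, finding))
    return out

# Constructed sample responses (not captured traffic)
SAMPLES = [
    ("http://example.test/a", {"Content-Disposition": 'attachment; filename="report.pdf"'}),
    ("http://example.test/b", {"Content-Disposition": 'inline; filename="notes.txt%00.bin"'}),
    ("http://example.test/c", {"content-disposition": "attachment; filename=a.txt%2500.bin"}),
]
```

Calling scan(SAMPLES) returns findings for the second and third responses only; the first has a clean filename.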
Install the patch referenced in Microsoft Security Bulletin 01-058.
<http://archives.neohapsis.com/archives/bugtraq/2002-01/0177.html>
This exploit requires a user on the affected system to follow a link to the exploit using Internet Explorer.
Windows