SAINT CorporationSAINT:B6A8458DA1F6724A612DDD2077874151Internet Explorer inline content filename extension vulnerability
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.963 High
EPSS
Percentile
99.5%
Added: 11/25/2005
CVE: CVE-2001-0727
BID: 3578
OSVDB: 3033
Background
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
Problem
Using a null byte (%00) in the filename field found in the Content-disposition header, a remote web server may be able to disguise the content type of a downloaded file, leading to code execution. If “inline” is specified in the Content-disposition header, command execution could automatically occur without any user interaction.
Resolution
Install the patch referenced in Microsoft Security Bulletin 01-058.
References
<http://archives.neohapsis.com/archives/bugtraq/2002-01/0177.html>
Limitations
This exploit requires a user on the affected system to follow a link to the exploit using Internet Explorer.
Platforms
Windows
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.963 High
EPSS
Percentile
99.5%