Oval Definition:
oval:org.mitre.oval:def:141
Revision Date
:
2016-02-19
Version
:
50
Title
:
Microsoft Internet Explorer MIME Hack
Description
:
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
Family
:
windows
Class
:
vulnerability
Status
:
ACCEPTED
Reference(s)
:
CVE-2001-0154
Platform(s)
:
Microsoft Windows 2000
Product(s)
:
Microsoft Internet Explorer
Definition Synopsis
Software section
Internet Explorer 5.01 Installed
Internet Explorer 5.01 Installed
OR
Internet Explorer 5.01 Installed
OR
Internet Explorer 5.01 Installed
OR
Internet Explorer 5.01 Installed
OR
Internet Explorer 5.01 Installed
OR
Internet Explorer 5.01 Installed
AND
File %windir%\system32\shdocvw.dll version is less than 5.0.3214.2000
AND
NOT
the patch q290108 is installed
AND
NOT
Patch Q295106 Installed
AND
NOT
Win2K/XP/2003/Vista/2008 service pack 2 is installed
AND
Configuration section
file downloads are enabled
current user settings are being used and file downloads are enabled
NOT
use machine settings rather than individual user settings
AND
file downloads are enabled for the local machine
AND
local machine settings are being used and file downloads are enabled
use machine settings rather than individual user settings
AND
file downloads are enabled for the current user
BACK