Oval Definition:	oval:org.mitre.oval:def:921
Revision Date: 2016-05-27 Version: 49 Title: IE File Execution User-prompt Bypass Vulnerability Description: Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2001-0727 Platform(s): Microsoft Windows 2000 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Microsoft Windows XP Product(s): Microsoft Internet Explorer Definition Synopsis Microsoft Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2712.0300 AND NOT Patch Q313675 Installed AND NOT the patch q316059 is installed (Installed Components key) AND NOT the patch q319282 is installed (Installed Components key) AND NOT the patch q321232 is installed (Installed Components key) AND NOT the patch q323759 is installed (Installed Components key) AND NOT the patch q328970 is installed (Installed Components key) AND NOT the patch q324929 is installed (Installed Components key) AND NOT the patch q810847 is installed (Installed Components key) AND NOT the patch q813489 is installed (Installed Components key) AND NOT the patch q818529 is installed (Installed Components key) AND NOT the patch q822925 is installed (Installed Components key) AND NOT the patch q828750 is installed (Installed Components key) AND NOT the patch q824145 is installed (Installed Components key) AND NOT the patch q832894 is installed (Installed Components key) AND use machine settings rather than individual user settings AND File Downloads Allowed In At Least One Zone
BACK