| Vulnerability Name: | CCN-13779 | ||||||
| Published: | 2003-11-05 | ||||||
| Updated: | 2003-11-05 | ||||||
| Summary: | Microsoft Internet Explorer is vulnerable to HTML injection. A remote attacker could embed malicious HTML code in an executable HTML file that is written to point back to the executable in the HTML file and execute it. An attacker could exploit this vulnerability to execute arbitrary code in the victim's Web browser within the security context of the hosting site. | ||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||
| CVSS v2 Severity: | 2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.4 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
| ||||||
| Vulnerability Consequences: | Gain Access | ||||||
| References: | Source: CCN Type: BugTraq Mailing List, Wed Nov 05 2003 - 11:51:34 CST POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III Source: CCN Type: BID-8984 Microsoft Internet Explorer Self Executing HTML Arbitrary Code Execution Vulnerability Source: XF Type: UNKNOWN ie-html-injection(13779) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||