| Vulnerability Name: | CCN-5566 |
| Published: | 2000-11-23 |
| Updated: | 2000-11-23 |
| Summary: | Microsoft Internet Explorer allows a malicious Web site operator to inject executable code into the index.dat file by including JavaScript in a URL. Internet Explorer uses the index.dat file to store recently visited URLs and to maintain a listing of subfolders in the Temporary Internet Files folder. After code is injected into index.dat, the attacker can parse the file to execute the code, using the OBJECT TYPE="text/html" variable to bypass security restrictions in Internet Explorer. When the file is parsed, the JavaScript executes as trusted code, because index.dat is registered as local content by the Internet Explorer security mechanism. A malicious Web site operator could use this to execute any malicious JavaScript on a visiting user's computer, including code that would list the names of the cache folders in the Temporary Internet Files directory. If an attacker knows the names of the cache folders, the attacker can execute other files that have been downloaded to the visiting user's computer and cached in these folders. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| Vulnerability Consequences: | Gain Access |
| References: | Source: CCN Type: BugTraq Mailing List, Thu Nov 23 2000 - 09:50:01 CST: OBJECT TYPE="text/html" may allow executing arbitrary programs in IE 5.5 |
| | Source: CCN Type: Georgi Guninski Security Advisory #29: OBJECT TYPE="text/html" may allow executing arbitrary programs in IE 5.5 |
| | Source: CCN Type: Georgi Guninski Vulnerability Demonstration: OBJECT DATA="text/html" may allow executing arbitrary programs in IE 5.5 demo |
| | Source: CCN Type: Microsoft Security Bulletin MS00-055: Patch Available for "Scriptlet Rendering" Vulnerability |
| | Source: CCN Type: Microsoft Security Bulletin MS00-093: Patch Available for "Browser Print Template" and "File Upload via Form" Vulnerabilities |
| | Source: CCN Type: Microsoft Security Bulletin MS01-015: IE can Divulge Location of Cached Content |
| | Source: CCN Type: Microsoft Security Bulletin MS01-027: Flaws in Web Server Certificate Validation Could Enable Spoofing |
| | Source: CCN Type: BID-1978: Microsoft Internet Explorer 5.5 Index.dat Vulnerability |
| | Source: XF Type: UNKNOWN: ie-index-execute-code(5566) |
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable |