Vulnerability Name:

CCN-9848

Published:2002-08-12
Updated:2002-08-12
Summary:Microsoft Internet Explorer 6.0 could allow the execution of malicious script within an HTM file from within the Internet Explorer Temporary Internet File (TIF) directory. A remote attacker could send an email with an attached HTM file with malicious PHP script referenced as an iframe source. When the attachment is opened, the malicious script could determine the exact location of the TIF directory and cause an external file to be downloaded and executed from within this directory.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Mon Aug 12 2002 - 21:36:26 CDT
SAME LADY, DIFFERENT DRESS: Internet Explorer 6

Source: CCN
Type: Microsoft Corporation Web site
Internet Explorer 6 Service Pack 1

Source: CCN
Type: BID-5450
Microsoft Internet Explorer File Attachment Script Execution Vulnerability

Source: XF
Type: UNKNOWN
ie-htm-script-execution(9848)

Source: CCN
Type: Microsoft Knowledge Base Article 326489
List of Issues Fixed in Internet Explorer 6 Service Packs

Source: CCN
Type: Microsoft Knowledge Base Article 328548
How to Obtain the Latest Service Pack for Internet Explorer 6

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft ie 6.0