Vulnerability Name: CVE-2000-0201 (CCN-4601)

Assigned: 2000-03-01
Published: 2000-03-01
Updated: 2021-07-23
Summary: The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: CCN
Type: BugTraq Mailing List, Wed Mar 01 2000 - 09:32:06 CST
IE 5.x allows executing arbitrary programs using .chm files

Source: CCN
Type: BugTraq Mailing List, Mon Nov 20 2000 - 10:50:46 CST
IE 5.x/Outlook allows executing arbitrary programs using .chm files and temporary internet files folder

Source: MITRE
Type: CNA
CVE-2000-0201

Source: CCN
Type: CERT Advisory CA-2000-12
HHCtrl ActiveX Control Allows Local Files to be Executed

Source: CCN
Type: US-CERT VU#25249
HHControl Object (showHelp) may execute shortcuts embedded in help files

Source: CCN
Type: Microsoft Security Bulletin MS00-037
Patch Available for 'HTML Help File Code Execution' Vulnerability

Source: CCN
Type: Microsoft Security Bulletin MS02-055
Unchecked Buffer in Windows Help Facility Could Enable Code Execution (Q323255)

Source: CCN
Type: OSVDB ID: 14793
Microsoft IE window.showHelp() HTML Help File Arbitrary Command Execution

Source: BID
Type: UNKNOWN
1033

Source: CCN
Type: BID-1033
MS IE HTML Help Shortcut Vulnerability

Source: XF
Type: UNKNOWN
ie-html-helpfile-execute(4601)

Source: CCN
Type: Microsoft Knowledge Base Article 259166
UNC Path Can Be Used to Start Programs by Using .chm Files

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    microsoft internet explorer 5.01
    microsoft internet explorer 5.0
    microsoft ie 4.0
    microsoft ie 4.0.1
    microsoft ie 5.0
    microsoft ie 5.01