| Vulnerability Name: | CVE-2000-0790 (CCN-5097) | ||||||||
| Assigned: | 2000-08-15 | ||||||||
| Published: | 2000-08-15 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon Aug 14 2000 - 13:14:38 CDT IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking. Also local Administrator compromise at least on default Windows 2000. Source: MITRE Type: CNA CVE-2000-0790 Source: CCN Type: OSVDB ID: 1510 Microsoft IE Folder.htt Modification Privilege Escalation Source: BID Type: Vendor Advisory 1571 Source: CCN Type: BID-1571 Microsoft Windows 98/2000 Folder.htt Vulnerability Source: BUGTRAQ Type: Vendor Advisory 20000828 IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking. Also local Administrator compromise at least on default Windows 2000. Source: XF Type: UNKNOWN ie-folder-remote-exe(5097) Source: XF Type: UNKNOWN ie-folder-remote-exe(5097) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||