Vulnerability Name: | CVE-2001-0002 (CCN-5567) | ||||||||
Assigned: | 2000-11-20 | ||||||||
Published: | 2000-11-20 | ||||||||
Updated: | 2021-07-23 | ||||||||
Summary: | Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Mon Nov 20 2000 - 10:50:46 CST IE 5.x/Outlook allows executing arbitrary programs using .chm files and temporary internet files folder Source: MITRE Type: CNA CVE-2001-0002 Source: CCN Type: CIAC Information Bulletin L-061 Microsoft IE can Divulge Location of Cached Content Source: MISC Type: UNKNOWN http://www.guninski.com/chmtempmain.html Source: CCN Type: Microsoft Security Bulletin MS01-015 IE can Divulge Location of Cached Content Source: CCN Type: Microsoft Security Bulletin MS01-027 Flaws in Web Server Certificate Validation Could Enable Spoofing Source: OSVDB Type: UNKNOWN 7823 Source: CCN Type: OSVDB ID: 7823 Microsoft IE Cached Content .chm Arbitrary Program Execution Source: BID Type: UNKNOWN 2456 Source: CCN Type: BID-2456 Microsoft IE Temporary Internet Files Folder Disclosure Vulnerability Source: MS Type: UNKNOWN MS01-015 Source: XF Type: UNKNOWN ie-chm-execute-files(5567) Source: XF Type: UNKNOWN ie-chm-execute-files(5567) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:920 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |