Vulnerability Name:

CVE-2001-0150 (CCN-6230)

Assigned:2001-03-06
Published:2001-03-06
Updated:2021-07-23
Summary:Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: BugTraq Mailing List, Tue Mar 13 2001 - 18:00:54 CST
Internet Explorer and Services for Unix 2.0 Telnet Client

Source: MITRE
Type: CNA
CVE-2001-0150

Source: CCN
Type: CIAC Information Bulletin L-061
Microsoft IE can Divulge Location of Cached Content

Source: CCN
Type: CIAC Information Bulletin M-024
Microsoft Internet Explorer calls telnet.exe with unsafe command-line arguments

Source: CCN
Type: Microsoft Security Bulletin MS01-015
IE can Divulge Location of Cached Content

Source: CCN
Type: Microsoft Security Bulletin MS01-027
Flaws in Web Server Certificate Validation Could Enable Spoofing

Source: CCN
Type: Microsoft Security Bulletin MS02-001
Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data

Source: CCN
Type: Microsoft Security Bulletin MS02-018
Cumulative Patch for Internet Information Services (Q319733)

Source: CCN
Type: Microsoft Windows Update for Internet Explorer
Security Update 2, February 27, 2001

Source: CCN
Type: Microsoft Knowledge Base Article 312461
Security Update, November 13, 2001

Source: OSVDB
Type: UNKNOWN
7816

Source: CCN
Type: OSVDB ID: 5563
Microsoft IE Telnet Client SFU Arbitrary Command Execution

Source: CCN
Type: OSVDB ID: 7816
Microsoft IE SFU Telnet Client Arbitrary Command Execution

Source: BID
Type: UNKNOWN
2463

Source: CCN
Type: BID-2463
Microsoft IE Telnet Client File Overwrite Vulnerability

Source: MS
Type: UNKNOWN
MS01-015

Source: XF
Type: UNKNOWN
ie-telnet-execute-commands(6230)

Source: XF
Type: UNKNOWN
ie-telnet-execute-commands(6230)

Source: CCN
Type: Microsoft Knowledge Base Article 286043
Patch Available for Telnet Logging Vulnerability (Q286043)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:*:*:*:*:*:*:*:* (Version <= 5.5)

    • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft internet explorer *
    microsoft internet explorer 5.01
    microsoft internet explorer 5.5