| Vulnerability Name: | CVE-2001-1325 (CCN-6448) | ||||||||
| Assigned: | 2001-04-20 | ||||||||
| Published: | 2001-04-20 | ||||||||
| Updated: | 2021-07-23 | ||||||||
| Summary: | Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH). | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2001-1325 Source: CCN Type: Georgi Guninski Security Advisory #43 XML scripting in IE, Outlook Express Source: BUGTRAQ Type: UNKNOWN 20010420 XML scripting in IE, Outlook Express Source: BID Type: Exploit, Patch, Vendor Advisory 2633 Source: CCN Type: BID-2633 Microsoft IE and OE XML Stylesheets Active Scripting Vulnerability Source: XF Type: UNKNOWN ie-xml-stylesheets-scripting(6448) Source: XF Type: UNKNOWN ie-xml-stylesheets-scripting(6448) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||