Vulnerability Name:

CVE-2003-0532 (CCN-12960)

Assigned:2003-08-20
Published:2003-08-20
Updated:2021-07-23
Summary:Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: VULNWATCH
Type: Exploit, Vendor Advisory
20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability

Source: MITRE
Type: CNA
CVE-2003-0532

Source: BUGTRAQ
Type: UNKNOWN
20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability

Source: CCN
Type: CERT Advisory CA-2003-22
Multiple Vulnerabilities in Microsoft Internet Explorer

Source: CCN
Type: CIAC Information Bulletin N-135
Microsoft Cumulative Patch for Internet Explorer

Source: MISC
Type: UNKNOWN
http://www.eeye.com/html/Research/Advisories/AD20030820.html

Source: CCN
Type: US-CERT VU#865940
Microsoft Internet Explorer does not properly evaluate application/hta MIME type referenced by DATA attribute of OBJECT element

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#865940

Source: CCN
Type: Microsoft Security Bulletin MS03-032
Cumulative Patch for Internet Explorer (822925)

Source: CCN
Type: Microsoft Security Bulletin MS03-040
Cumulative Patch for Internet Explorer (828750)

Source: CCN
Type: Microsoft Security Bulletin MS03-048
Cumulative Security Update for Internet Explorer (824145)

Source: CCN
Type: Microsoft Security Bulletin MS04-004
Cumulative Security Update for Internet Explorer (832894)

Source: CCN
Type: Microsoft Security Bulletin MS04-025
Cumulative Security Update for Internet Explorer (867801)

Source: CCN
Type: Microsoft Security Bulletin MS04-038
Cumulative Security Update for Internet Explorer (834707)

Source: CCN
Type: Microsoft Security Bulletin MS04-040
Cumulative Security Update for Internet Explorer (889293)

Source: CCN
Type: Microsoft Security Bulletin MS05-014
Cumulative Security Update for Internet Explorer (867282)

Source: CCN
Type: Microsoft Security Bulletin MS05-020
Cumulative Security Update for Internet Explorer (890923)

Source: CCN
Type: Microsoft Security Bulletin MS05-025
Cumulative Security Update for Internet Explorer (883939)

Source: CCN
Type: Microsoft Security Bulletin MS05-038
Cumulative Security Update for Internet Explorer (896727)

Source: CCN
Type: Microsoft Security Bulletin MS05-052
Cumulative Security Update for Internet Explorer (896688)

Source: CCN
Type: Microsoft Security Bulletin MS05-054
Cumulative Security Update for Internet Explorer (905915)

Source: CCN
Type: Microsoft Security Bulletin MS06-004
Cumulative Security Update for Internet Explorer (910620)

Source: CCN
Type: Microsoft Security Bulletin MS06-013
Cumulative Security Update for Internet Explorer (912812)

Source: CCN
Type: Microsoft Security Bulletin MS06-021
Cumulative Security Update for Internet Explorer (916281)

Source: CCN
Type: Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer (918899)

Source: CCN
Type: Microsoft Security Bulletin MS06-067
Cumulative Security Update for Internet Explorer (922760)

Source: CCN
Type: Microsoft Security Bulletin MS06-072
Cumulative Security Update for Internet Explorer (925454)

Source: CCN
Type: Microsoft Security Bulletin MS07-016
Cumulative Security Update for Internet Explorer (928090)

Source: CCN
Type: Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)

Source: CCN
Type: Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)

Source: CCN
Type: Microsoft Security Bulletin MS07-045
Cumulative Security Update for Internet Explorer (937143)

Source: CCN
Type: Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)

Source: CCN
Type: Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)

Source: CCN
Type: Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)

Source: CCN
Type: Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)

Source: CCN
Type: Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)

Source: CCN
Type: Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)

Source: CCN
Type: Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)

Source: CCN
Type: BID-8456
Microsoft Internet Explorer Object Type Validation Vulnerability

Source: CCN
Type: Internet Security Systems Protection Alert April 11, 2006
Cumulative Security Update for Internet Explorer

Source: MS
Type: UNKNOWN
MS03-032

Source: XF
Type: UNKNOWN
ie-object-code-execution(12960)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:*:*:*:*:x64:*
  • AND
  • cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2003-0532 (CCN-14231)

    Assigned:2003-08-20
    Published:2003-08-20
    Updated:2018-10-12
    Summary:Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-1999-0660

    Source: MITRE
    Type: CNA
    CVE-2003-0532

    Source: CCN
    Type: Microsoft Security Bulletin MS03-032
    Cumulative Patch for Internet Explorer (822925)

    Source: CCN
    Type: PC Hell Web site
    Surferbar Removal Instructions and Help

    Source: CCN
    Type: Trend Micro Web site
    TROJ_JUNKSURF.A

    Source: XF
    Type: UNKNOWN
    spyware-adplus-surferbar(14231)

    BACK
    microsoft internet explorer 5.0.1
    microsoft ie 6.0 sp1
    microsoft internet explorer 5.5 sp2
    microsoft internet explorer 6.0
    microsoft internet explorer 5.0.1 sp1
    microsoft internet explorer 5.0.1 sp2
    microsoft internet explorer 5.0.1 sp3
    microsoft internet explorer 5.5
    microsoft internet explorer 5.5 sp1
    microsoft ie 5.01
    microsoft ie 5.5
    microsoft ie 6.0
    microsoft windows xp * sp1
    microsoft windows nt 4.0 sp6a
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows xp * sp1
    microsoft windows 2000 * sp4
    microsoft windows 2003_server
    microsoft windows 2003_server