CVE-2003-1041

Description

Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.

Related CPE's

Could not find any relations

References

20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp()

ExploitVendor Advisory

9320

ExploitVendor Advisory

TA04-196A

Third Party AdvisoryUS Government Resource

VU#187196

US Government Resource

ie-showhelp-directory-traversal(14105)

oval:org.mitre.oval:def:956

oval:org.mitre.oval:def:3514

oval:org.mitre.oval:def:1943

oval:org.mitre.oval:def:1186

MS04-023

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:L/Au:N/C:P/I:P/A:P
AccessVector	NETWORK
AccessComplexity	LOW
Authentication	NONE
ConfidentialityImpact	PARTIAL
IntegrityImpact	PARTIAL
AvailabilityImpact	PARTIAL
BaseScore	7.5

Created by Yello

About Severity.io