Executive Summary
Informations | |||
---|---|---|---|
Name | MS02-005 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
11 February 2002 Cumulative Patch for Internet Explorer |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:23 | |||
Oval ID: | oval:org.mitre.oval:def:23 | ||
Title: | IE v5.5 Forced Script Execution | ||
Description: | Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-0026 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:77 | |||
Oval ID: | oval:org.mitre.oval:def:77 | ||
Title: | IE v5.5 GetObject File Retrieval | ||
Description: | Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-0023 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 3 | |
Application | 3 | |
Os | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl |
2005-11-03 | Name : XML Core Services patch (Q318203) File : nvt/smb_nt_ms02-008.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
5419 | Microsoft IE mshtml.dll EMBED Directive Overflow |
3738 | Microsoft IE Content-disposition Header File Download Extension Spoofing |
3032 | Microsoft IE XMLHTTP Control Arbitrary Remote File Access Microsoft Internet Explorer contains a flaw in the way it interacts with the XML Core Services 2.6 that does not honor IE Security Zone settings. The flaw occurs because IE will blindly follow redirects on XMLHTTP requests, even if they transfer from a legitimate URL to a local file. This flaw would allow remote attackers to read arbitrary files by specifying a local file as an XML Data Source. |
3031 | Microsoft IE document.Open Same Origin Policy Violation Microsoft Internet Explorer contains a flaw that can allow an attacker to bypass the "same origin policy". When one website (called the "parent") opens another website in a new window (called the "child") using the document.Open() method, an attacker can execute script code in the parent that will interact with the properties of the child. This can allow attackers to steal cookies, run arbitrary script, read local files and more. |
3030 | Microsoft IE GetObject File Disclosure Microsoft Internet Explorer contains a flaw that allows remote attackers to read arbitrary files. The flaw occurs due to poor security checks on the "GetObject()" JScript function when malformed requests with "../" are used. This function is used with the ActiveX object "htmlfile". |
2047 | Microsoft IE Content-Type Field Arbitrary File Execution |
2046 | Microsoft IE Forced Script Execution |
2045 | Microsoft IE HTML Document Directive Overflow |
2008 | Microsoft IE Same Origin Policy Violation Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2002-02-24 | Name : Local files can be retrieved through the web client. File : smb_nt_ms02-008.nasl - Type : ACT_GATHER_INFO |
2002-02-13 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms02-005.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:44:37 |
|