Executive Summary

Informations
Name MS03-020 First vendor Publication N/A
Vendor Microsoft Last vendor Modification N/A
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cumulative Patch for Internet Explorer (818529)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:922
 
Oval ID: oval:org.mitre.oval:def:922
Title: IE Slash Characters in Type Property Vulnerability
Description: Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
Family: windows Class: vulnerability
Reference(s): CVE-2003-0344
 Version: 4
Platform(s): Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:948
 
Oval ID: oval:org.mitre.oval:def:948
Title: IE File Download Dialog Vulnerability
Description: Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2003-0309
 Version: 4
Platform(s): Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 4

ExploitDB Exploits

id Description
2010-08-25 MS03-020 Internet Explorer Object Type

OpenVAS Exploits

Date Description
2005-11-03 Name : IE 5.01 5.5 6.0 Cumulative patch (890923)
File : nvt/smb_nt_ms02-005.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
2968 Microsoft IE File Download Dialog Overflow

Microsoft Internet Explorer contains a flaw that allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document. This flaw occurs when a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs. After enough dialog boxes are opened, IE will execute the file without prompting the user.
2967 Microsoft IE Object Type Property Overflow

Microsoft Internet Explorer contains a flaw in the way it handles certain "Object" tags. The flaw is triggered due to a buffer overflow in the "Type" property of the "Object" tag. While there are some sanity checks for buffer input, these can be circumvented using special characters. This attack may be utilized wherever IE parses HTML, so this vulnerability, affects newsgroups, mailing lists, or websites.

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Internet Explorer malformed object type overflow attempt
RuleID : 3149-community - Revision : 13 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer malformed object type overflow attempt
RuleID : 3149 - Revision : 13 - Type : BROWSER-IE

Metasploit Database

id Description
2003-06-04 MS03-020 Microsoft Internet Explorer Object Type

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2020-05-23 13:17:12
  • Multiple Updates
2014-01-19 21:29:49
  • Multiple Updates