Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2001-0150 | First vendor Publication | 2001-06-02 |
| Vendor | Cve | Last vendor Modification | 2024-02-13 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5.1 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0150 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
| CAPEC-88 | OS Command Injection |
| CAPEC-133 | Try All Common Application Switches and Options |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-88 | Argument Injection or Modification |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2005-11-03 | Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 7816 | Microsoft IE SFU Telnet Client Arbitrary Command Execution Microsoft Internet Explorer in the interaction with Services for Unix contains a flaw that may allow a remote attacker to execute arbitrary commands. By passing a specially crafted URL with command line parameters to the telnet program, a remote attacker could execute arbitrary commands resulting in a loss of integrity. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Windows Media Player 7+ ActiveX object access RuleID : 4156 - Revision : 14 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Internet Explorer htmlfile ActiveX object access attempt RuleID : 4155 - Revision : 20 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Internet Explorer htmlfile ActiveX object access attempt RuleID : 28272 - Revision : 7 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2003-03-12 | Name : The remote host is vulnerable to privilege escalation. File : smb_nt_ms02-001.nasl - Type : ACT_GATHER_INFO |
| 2002-02-13 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms02-005.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-13 21:28:00 |
|
| 2021-07-27 00:24:38 |
|
| 2021-07-24 09:24:34 |
|
| 2021-07-24 01:44:16 |
|
| 2021-07-24 01:01:06 |
|
| 2021-07-23 17:24:43 |
|
| 2021-07-23 12:01:20 |
|
| 2021-05-04 12:01:16 |
|
| 2021-04-22 01:01:29 |
|
| 2020-05-23 01:35:27 |
|
| 2020-05-23 00:14:33 |
|
| 2018-10-13 00:22:23 |
|
| 2018-05-03 09:19:24 |
|
| 2016-06-28 14:54:58 |
|
| 2016-04-26 11:49:17 |
|
| 2013-05-11 12:03:16 |
|
