Executive Summary
Informations | |||
---|---|---|---|
Name | MS01-015 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
IE Can Divulge Location of Cached Content |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
CAPEC-88 | OS Command Injection |
CAPEC-133 | Try All Common Application Switches and Options |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-88 | Argument Injection or Modification |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:920 | |||
Oval ID: | oval:org.mitre.oval:def:920 | ||
Title: | IE Cached Content Command Execution Vulnerability | ||
Description: | Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2001-0002 | Version: | 3 |
Platform(s): | Microsoft Windows 98 Microsoft Windows NT Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
7823 | Microsoft IE Cached Content .chm Arbitrary Program Execution Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute arbitrary commands. Internet Explorer allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. |
7816 | Microsoft IE SFU Telnet Client Arbitrary Command Execution Microsoft Internet Explorer in the interaction with Services for Unix contains a flaw that may allow a remote attacker to execute arbitrary commands. By passing a specially crafted URL with command line parameters to the telnet program, a remote attacker could execute arbitrary commands resulting in a loss of integrity. |
7178 | Microsoft Windows Media Player WMP ActiveX Control Javascript Command Execution |
3111 | Microsoft IE Windows Scripting Host (WSH) GetObject Javascript Function Arbit... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows Media Player 7+ ActiveX object access RuleID : 4156 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer htmlfile ActiveX object access attempt RuleID : 4155 - Revision : 20 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer htmlfile ActiveX object access attempt RuleID : 28272 - Revision : 7 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2003-03-12 | Name : The remote host is vulnerable to privilege escalation. File : smb_nt_ms02-001.nasl - Type : ACT_GATHER_INFO |
2002-02-13 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms02-005.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:44:32 |
|
2014-01-19 21:29:45 |
|