Executive Summary
Informations | |||
---|---|---|---|
Name | MS01-051 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
CAPEC-88 | OS Command Injection |
CAPEC-133 | Try All Common Application Switches and Options |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-88 | Argument Injection or Modification |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
5563 | Microsoft IE Telnet Client SFU Arbitrary Command Execution |
1972 | Microsoft IE HTTP Request Encoding Microsoft Internet Explorer contains a flaw that may allow a malicious user to automatically execute HTTP requests on behalf of the victim. The issue is triggered when the attacker encodes URLs in a specific way and the victim views HTML crafted by the attacker. It is possible that the flaw may allow the attacker to take control of the victim's web-based applications, such as web-based email and online banking. |
1971 | Microsoft IE Dotless IP Zone Spoofing Microsoft Internet Explorer contains a flaw related to the way dotless IP addresses are classified with respect to their security zone. This flaw may allow an attacker to have Internet Explorer interpret a site of the Internet security zone as a site of the Intranet security zone and therefore execute in a context of lower security. |