Executive Summary
Informations | |||
---|---|---|---|
Name | MS03-015 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cumulative Patch for Internet Explorer (813489) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1094 | |||
Oval ID: | oval:org.mitre.oval:def:1094 | ||
Title: | IE plugin.ocx Heap Overflow | ||
Description: | Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0233 | Version: | 4 |
Platform(s): | Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:963 | |||
Oval ID: | oval:org.mitre.oval:def:963 | ||
Title: | IE File Upload Vulnerability | ||
Description: | The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0114 | Version: | 4 |
Platform(s): | Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
7843 | Microsoft IE URLMON.DLL Multiple Overflows |
7842 | Microsoft IE File Upload Control Arbitrary File Access |
7739 | Microsoft IE plugin.ocx Load() Method Overflow |
2973 | Microsoft IE Third Party Plugin Rendering XSS Microsoft Internet Explorer contains a flaw in the 'plugin.ocx' file. This issue is triggered when it renders third party file types (such as .swf). The "EnableFullPage" parameter does not have sufficient sanity checking performed which allows an attacker to inject arbitrary script code. This can be exploited when a vulnerable browser loads a web document. |
2972 | Microsoft IE showModalDialog Script Execution Microsoft Internet Explorer does not properly check the Cascading Style Sheet input parameter for Modal dialog. This may allow a remote attacker to read files on the local system via a web page containing malicious script that creates a dialog and then accesses the target files. The flaw is in the showModalDialog() function. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer Third-Party Plugin ActiveX object access RuleID : 4189 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer Content-Encoding overflow attempt RuleID : 3462-community - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer Content-Encoding overflow attempt RuleID : 3462 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Content-Type overflow attempt RuleID : 3461-community - Revision : 18 - Type : SERVER-MAIL |
2014-01-10 | Content-Type overflow attempt RuleID : 3461 - Revision : 18 - Type : SERVER-MAIL |
Alert History
Date | Informations |
---|---|
2014-01-19 21:29:48 |
|