Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0532

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0532
Last Modified 10 Sep 2008 03:19:32
Published 27 Aug 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0532

Summary

Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.

Vulnerable Systems

Application

  • Microsoft Ie 5.0.1

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


References

CERT-VN - VU#865940

MS - MS03-032

MISC - http://www.eeye.com/html/Research/Advisories/AD20030820.html

BUGTRAQ - 20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability


Last Updated: 27 May 2016 10:37:57