Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1041


Vulnerability Score 7.5 7.5
CVE Id CVE-2003-1041
Last Modified 10 Sep 2008 03:21:34
Published 14 Jun 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.

Vulnerable Systems


  • Microsoft Ie 5

  • Microsoft Ie 5.5

  • Microsoft Ie 6

  • Microsoft Ie 6.0


CERT - TA04-196A

CERT-VN - VU#187196

XF - ie-showhelp-directory-traversal(14105)

BID - 9320

BUGTRAQ - 20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp()

MS - MS04-023

Last Updated: 27 May 2016 10:38:09