ID CVE-2001-0002
Summary Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:-:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:-:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.01:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.01:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.40.308:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.40.308:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.40.520:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.40.520:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1155:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1155:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1158:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1158:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1215:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1215:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1300:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1300:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.544:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.544:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.1008.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.1008.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.1712.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.1712.6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.2106.8:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.2106.8:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.3110.8:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.3110.8:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.3612.1713:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.3612.1713:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.0518.10:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.0518.10:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.0910.1309:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.0910.1309:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2014.0216:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2014.0216:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2314.1003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2314.1003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2516.1900:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2516.1900:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2614.3500:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2614.3500:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.800:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.800:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.3800:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.3800:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.6307:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.6307:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2920.0000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2920.0000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3103.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3103.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3105.0106:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3105.0106:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3314.2101:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3314.2101:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3315.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3315.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3502.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3502.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3700.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3700.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:preview:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:preview:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_script_host:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_script_host:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_script_host:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_script_host:5.5:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2014-02-24T04:03:28.132-05:00
class vulnerability
contributors
  • name Tiffany Bergeron
    organization The MITRE Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
description Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
family windows
id oval:org.mitre.oval:def:920
status accepted
submitted 2004-04-29T12:00:00.000-04:00
title IE Cached Content Command Execution Vulnerability
version 66
refmap via4
bid 2456
bugtraq 20001120 IE 5.x/Outlook allows executing arbitrary programs using .chm files and temporary internet files folder
misc http://www.guninski.com/chmtempmain.html
osvdb 7823
xf ie-chm-execute-files(5567)
Last major update 12-10-2018 - 21:30
Published 21-07-2001 - 04:00
Last modified 12-10-2018 - 21:30
Back to Top