CVE-2001-0643 - Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name,

CVE-2001-0643

Summary

Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 23-07-2021 - 12:18)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	2612
bugtraq	20010416 Double clicking on innocent looking files may be dangerous
misc	http://vil.nai.com/vil/virusSummary.asp?virus_k=99048 http://www.guninski.com/clsidext.html http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html
osvdb	7858
xf	ie-clsid-execute-files(6426)

Last major update

23-07-2021 - 12:18

Published

20-09-2001 - 04:00

Last modified

23-07-2021 - 12:18