ID CVE-2002-0023
Summary Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 12-10-2018 - 21:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
oval via4
  • accepted 2014-02-24T04:00:22.161-05:00
    class vulnerability
    contributors
    • name David Proulx
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
    family windows
    id oval:org.mitre.oval:def:17
    status accepted
    submitted 2003-11-12T05:00:00.000-04:00
    title IE GetObject Security Bypass
    version 66
  • accepted 2014-02-24T04:03:17.744-05:00
    class vulnerability
    contributors
    • name David Proulx
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
    family windows
    id oval:org.mitre.oval:def:40
    status accepted
    submitted 2003-11-12T12:00:00.000-04:00
    title IE v5.5,SP2 GetObject File Retrieval
    version 66
  • accepted 2014-02-24T04:03:20.775-05:00
    class vulnerability
    contributors
    • name David Proulx
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
    family windows
    id oval:org.mitre.oval:def:50
    status accepted
    submitted 2003-11-12T12:00:00.000-04:00
    title IE v5.01 GetObject File Retrieval
    version 66
  • accepted 2014-02-24T04:03:26.783-05:00
    class vulnerability
    contributors
    • name David Proulx
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
    family windows
    id oval:org.mitre.oval:def:77
    status accepted
    submitted 2003-11-12T12:00:00.000-04:00
    title IE v5.5 GetObject File Retrieval
    version 66
refmap via4
bid 3767
bugtraq 20020101 IE GetObject() problems
osvdb 3030
xf ie-getobject-directory-traversal(7758)
Last major update 12-10-2018 - 21:30
Published 08-03-2002 - 05:00
Last modified 12-10-2018 - 21:30
Back to Top