ID CVE-2001-0154
Summary HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:-:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:-:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.01:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.01:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.40.308:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.40.308:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.40.520:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.40.520:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1155:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1155:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1158:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1158:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1215:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1215:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1300:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1300:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.544:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.544:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.1008.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.1008.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.1712.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.1712.6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.2106.8:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.2106.8:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.3110.8:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.3110.8:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.3612.1713:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.3612.1713:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.0518.10:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.0518.10:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.0910.1309:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.0910.1309:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2014.0216:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2014.0216:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2314.1003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2314.1003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2516.1900:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2516.1900:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2614.3500:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2614.3500:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.800:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.800:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.3800:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.3800:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.6307:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.6307:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2920.0000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2920.0000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3103.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3103.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3105.0106:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3105.0106:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3314.2101:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3314.2101:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3315.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3315.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3502.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3502.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3700.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3700.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:preview:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:preview:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2016-02-19T10:00:00.000-04:00
class vulnerability
contributors
  • name Tiffany Bergeron
    organization The MITRE Corporation
  • name Andrew Buttner
    organization The MITRE Corporation
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Sudhir Gandhe
    organization Telos
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
description HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
family windows
id oval:org.mitre.oval:def:141
status accepted
submitted 2003-07-18T12:00:00.000-04:00
title Microsoft Internet Explorer MIME Hack
version 73
refmap via4
bid 2524
bugtraq 20010330 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
cert CA-2001-06
ciac L-066
osvdb 7806
sectrack 1001197
xf ie-mime-execute-code(6306)
Last major update 12-10-2018 - 21:30
Published 03-05-2001 - 04:00
Last modified 12-10-2018 - 21:30
Back to Top