ID CVE-2003-1041
Summary Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2011-05-16T04:00:29.743-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
    family windows
    id oval:org.mitre.oval:def:1186
    status accepted
    submitted 2004-07-13T12:00:00.000-04:00
    title IE .chm Directory Traversal Windows XP Vulnerability
    version 71
  • accepted 2007-03-21T16:17:08.910-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    description Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
    family windows
    id oval:org.mitre.oval:def:1943
    status accepted
    submitted 2004-07-14T12:00:00.000-04:00
    title IE .chm Directory Traversal Windows 2000 Vulnerability
    version 65
  • accepted 2007-03-21T16:17:17.120-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    description Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
    family windows
    id oval:org.mitre.oval:def:3514
    status accepted
    submitted 2004-07-14T12:00:00.000-04:00
    title IE .chm Directory Traversal Windows Server 2003 Vulnerability
    version 65
  • accepted 2014-02-24T04:03:28.573-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
    family windows
    id oval:org.mitre.oval:def:956
    status accepted
    submitted 2004-07-14T12:00:00.000-04:00
    title IE .chm Directory Traversal Windows NT Vulnerability
    version 78
refmap via4
bid 9320
bugtraq 20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp()
cert TA04-196A
cert-vn VU#187196
xf ie-showhelp-directory-traversal(14105)
Last major update 12-10-2018 - 21:33
Published 14-06-2004 - 04:00
Last modified 12-10-2018 - 21:33
Back to Top