7.5

CVE-2003-1041

Exploit
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension.  NOTE: this bug may overlap CVE-2004-0475.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftIe Version6 Updatewindows_server_2003_sp1
MicrosoftIe Version6.0 Updatesp1
MicrosoftInternet Explorer Version5.5
MicrosoftInternet Explorer Version5.5 Updatesp1
MicrosoftInternet Explorer Version5.5 Updatesp2
MicrosoftInternet Explorer Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 52.61% 0.988
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.kb.cert.org/vuls/id/187196
US Government Resource
http://www.securityfocus.com/archive/1/348521
Vendor Advisory
Exploit
http://www.securityfocus.com/bid/9320
Vendor Advisory
Exploit
http://www.us-cert.gov/cas/techalerts/TA04-196A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023
https://exchange.xforce.ibmcloud.com/vulnerabilities/14105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956