CVE-2003-0532

Sažetak

Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html
http://www.kb.cert.org/vuls/id/865940
http://www.eeye.com/html/Research/Advisories/AD20030820.html
http://marc.info/?l=bugtraq&m=106149026621753&w=2
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

23-07-2021 - 12:55

Objavljeno

27-08-2003 - 04:00