Vulnerability Details

ID: CVE-2003-0531

Last Modified: July 23, 2021

Open in new window

Description

Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability.

CVSS V2

Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: Partial

Integrity Impact: Partial

Availability Impact: Partial

Base Score: 7.5

Exploitability Score: 10.0

Impact Score: 6.4

CVSS V2: AV:N/AC:L/Au:N/C:P/I:P/A:P

Specialize CVSS-Score

CWE-ID

NVD-CWE-Other

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:microsoft:ie:6.0:sp1:::::: Part: a Product: ie Update: sp1 Vendor: microsoft Version: 6.0	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:::::: Part: a Product: internet_explorer Update: sp2 Vendor: microsoft Version: 5.5	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:::::::* Part: a Product: internet_explorer Vendor: microsoft Version: 5.0.1	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:::::: Part: a Product: internet_explorer Update: sp2 Vendor: microsoft Version: 5.0.1	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:::::: Part: a Product: internet_explorer Update: sp3 Vendor: microsoft Version: 5.0.1	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:::::: Part: a Product: internet_explorer Update: sp1 Vendor: microsoft Version: 5.0.1	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::* Part: a Product: internet_explorer Vendor: microsoft Version: 5.5	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:::::: Part: a Product: internet_explorer Update: sp1 Vendor: microsoft Version: 5.5	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::* Part: a Product: internet_explorer Vendor: microsoft Version: 6.0	Alle Schwachstellen für microsoft

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>