HPI-VDB — Database for IT-Attack Analysis


ID: CVE-2003-0532

Last Modified: July 23, 2021

Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.

Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: Partial

Integrity Impact: Partial

Availability Impact: Partial

Base Score: 7.5

Exploitability Score: 10.0

Impact Score: 6.4

CVSS V2: AV:N/AC:L/Au:N/C:P/I:P/A:P

Specialize CVSS-Score

NVD-CWE-Other

['alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any ( msg:"BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access"; flow:to_client,established; file_data; content:"F935DC22-1CF0-11D0-ADB9-00C04FD58A0B",fast_pattern,nocase; metadata:policy max-detect-ips drop; service:http; reference:bugtraq,1399; reference:bugtraq,1754; reference:bugtraq,598; reference:bugtraq,8456; reference:cve,1999-0668; reference:cve,2000-0597; reference:cve,2000-1061; reference:cve,2003-0532; reference:url,support.microsoft.com/default.aspx?scid=kb%3ben-us%3bQ240308; reference:url,technet.microsoft.com/en-us/security/bulletin/MS00-049; reference:url,technet.microsoft.com/en-us/security/bulletin/MS00-075; reference:url,technet.microsoft.com/en-us/security/bulletin/MS03-032; reference:url,technet.microsoft.com/en-us/security/bulletin/MS99-032; classtype:attempted-user; sid:8066; rev:16; )\n']

Condition Configuration
OR
OR
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft
Alle Schwachstellen für microsoft 
                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

                  
                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>