Release DateJan 05, 2012 |
Severitymedium |
ImpactSystem compromise: An attacker can execute arbitrary program on infected systems. |
DescriptionThis indicates an attack attempt against an Arbitrary File Execution vulnerability in Internet Explorer.The vulnerability is due to the vulnerable application's insufficient security checking on HTML header content. An attacker can create a specially crafted web page which contains malicious executable programs to exploit this vulnerability. When a victim is tricked into visiting such a web page, the attacker program can be downloaded to and executed on the victim machine. |
Affected ProductsMicrosoft Internet Explorer version 6.0 |
Recommended ActionsDisable automatic file download.Apply appropriate patches or upgrade the system to the latest non-vulnerable version. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2001-0727 |
Reference/shttp://www.securityfocus.com/bid/3578 (BugTraq)http://technet.microsoft.com/en-us/security/bulletin/MS01-058.mspx (MS-ID) |
