Back to search
CVE-2003-1041
Published: May 20, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
TA04-196A
third-party-advisory
x_refsource_CERT
oval:org.mitre.oval:def:1186
vdb-entry
signature
x_refsource_OVAL
9320
vdb-entry
x_refsource_BID
MS04-023
vendor-advisory
x_refsource_MS
oval:org.mitre.oval:def:1943
vdb-entry
signature
x_refsource_OVAL
VU#187196
third-party-advisory
x_refsource_CERT-VN
oval:org.mitre.oval:def:956
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:3514
vdb-entry
signature
x_refsource_OVAL
ie-showhelp-directory-traversal(14105)
vdb-entry
x_refsource_XF
20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp()
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now