Microsoft Internet Explorer Content-Type字段任意文件执行漏洞

漏洞信息详情

Microsoft Internet Explorer Content-Type字段任意文件执行漏洞

• CNNVD编号：CNNVD-200203-012
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-0025
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2002-03-08
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  This vulnerability…

Internet Explorer 5.01，5.5和6.0版本不能正确处理Content-Type HTML头文件。远程攻击者修改用来处理文档的应用。

Microsoft has released patches to address this issue:
Microsoft Internet Explorer 5.0.1 SP2

• Microsoft q316059_IE 5.01
  
  http://download.microsoft.com/download/ie501sp2/secpac25/5.01_sp2/NT5/
  EN-US/q316059.exe

Microsoft Internet Explorer 5.5 SP2

• Microsoft q316059_IE 5.5SP2
  
  http://download.microsoft.com/download/ie55sp2/secpac25/5.5_sp2/WIN98M
  e/EN-US/q316059.exe

Microsoft Internet Explorer 5.5 SP1

• Microsoft q316059_IE 5.5SP1
  
  http://download.microsoft.com/download/ie55sp1/secpac25/5.5_sp1/WIN98M
  e/EN-US/q316059.exe

Microsoft Internet Explorer 6.0

• Microsoft q316059_IE6
  
  http://download.microsoft.com/download/IE60/secpac25/6/W98NT42KMeXP/EN
  -US/q316059.exe

来源: MS
名称: MS02-005
链接:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp

来源: XF
名称: ie-application-invocation(8118)
链接:http://xforce.iss.net/xforce/xfdb/8118

来源: BID
名称: 4085
链接:http://www.securityfocus.com/bid/4085

来源: BUGTRAQ
名称: 20020212 [ GFISEC04102001 ] Internet Explorer and Access allow macros to be executed automatically
链接:http://online.securityfocus.com/archive/1/255767