Vulnerability Details CVE-2003-1028
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.149
EPSS Ranking 94.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=106979428718705&w=2
- http://marc.info/?l=bugtraq&m=106979624321665&w=2
- http://marc.info/?l=bugtraq&m=107038202225587&w=2
- http://www.osvdb.org/7890
- http://www.safecenter.net/UMBRELLAWEBV4/threadid10008
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13847
- http://marc.info/?l=bugtraq&m=106979428718705&w=2
- http://marc.info/?l=bugtraq&m=106979624321665&w=2
- http://marc.info/?l=bugtraq&m=107038202225587&w=2
- http://www.osvdb.org/7890
- http://www.safecenter.net/UMBRELLAWEBV4/threadid10008
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13847
Products affected by CVE-2003-1028
-
cpe:2.3:a:microsoft:ie:6.0
-
cpe:2.3:a:microsoft:internet_explorer:5.0
-
cpe:2.3:a:microsoft:internet_explorer:5.0.1
-
cpe:2.3:a:microsoft:internet_explorer:5.5
-
cpe:2.3:a:microsoft:internet_explorer:6.0