[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2003-1028Date: (C)2004-01-20   (M)2023-12-22


The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
http://marc.info/?l=bugtraq&m=106979624321665&w=2
http://marc.info/?l=bugtraq&m=106979428718705&w=2
http://marc.info/?l=bugtraq&m=107038202225587&w=2
OSVDB-7890
http://www.safecenter.net/UMBRELLAWEBV4/threadid10008
ie-download-directory-disclosure(13847)

© SecPod Technologies