OVAL Repository - View Definition: oval:org.mitre.oval:def:99

OVAL Repository > View Definition

View Definition

NEW SEARCH : BACK

Definition Id: oval:org.mitre.oval:def:99		Version: 8 Last Modified: 2011-04-26
Title:	IE v6.0 Content Disposition/Type Arbitrary Code Execution
Description:	Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
Family:	windows	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2002-0193
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
the version of mshtml.dll is less than 6.0.2716.2200 AND NOT the patch q321232 is installed (Installed Components key) AND NOT the patch q323759 is installed (Installed Components key) AND NOT the patch q328970 is installed (Installed Components key) AND NOT the patch q324929 is installed (Installed Components key) AND NOT the patch q810847 is installed (Installed Components key) AND NOT the patch q813489 is installed (Installed Components key) AND NOT the patch q818529 is installed (Installed Components key) AND NOT the patch q822925 is installed (Installed Components key) AND NOT the patch q828750 is installed (Installed Components key) AND NOT the patch q824145 is installed (Installed Components key) AND NOT Windows 2000 Service Pack 4 (or later) is installed Windows 2000 is installed AND SP4 or later Installed AND Internet Explorer 6 is installed

NEW SEARCH : BACK

OVAL Repository

About the Repository

OVAL Repository Forum

Author’s Resources

Items of Interest