Vulnerability Description
The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 98 | All versions |
| Microsoft | Windows 98Se | All versions |
References
- http://www.securityfocus.com/bid/1571Vendor Advisory
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=3998370D.732A03F1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5097
- http://www.securityfocus.com/bid/1571Vendor Advisory
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=3998370D.732A03F1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5097
FAQ
What is CVE-2000-0790?
CVE-2000-0790 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb me...
How severe is CVE-2000-0790?
CVE-2000-0790 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0790?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 98, Microsoft Windows 98Se.