Vulnerability Description
Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 5.5 |
References
- http://vil.nai.com/vil/virusSummary.asp?virus_k=99048ExploitPatchVendor Advisory
- http://www.guninski.com/clsidext.html
- http://www.osvdb.org/7858
- http://www.sarc.com/avcenter/venc/data/vbs.postcard%40mm.html
- http://www.securityfocus.com/archive/1/176909ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/2612
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6426
- http://vil.nai.com/vil/virusSummary.asp?virus_k=99048ExploitPatchVendor Advisory
- http://www.guninski.com/clsidext.html
- http://www.osvdb.org/7858
- http://www.sarc.com/avcenter/venc/data/vbs.postcard%40mm.html
- http://www.securityfocus.com/archive/1/176909ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/2612
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6426
FAQ
What is CVE-2001-0643?
CVE-2001-0643 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear ...
How severe is CVE-2001-0643?
CVE-2001-0643 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0643?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer.