Vulnerability Description
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Ie | 6.0 |
| Microsoft | Internet Explorer | 5.0.1 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html (Exploit, Vendor Advisory)
- http://marc.info/?l=bugtraq&m=106149026621753&w=2
- http://www.eeye.com/html/Research/Advisories/AD20030820.html
- http://www.kb.cert.org/vuls/id/865940 (Third Party Advisory, US Government Resource)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-03
FAQ
What is CVE-2003-0532?
CVE-2003-0532 is a vulnerability with a CVSS score of 7.5 (HIGH). Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag wit...
How severe is CVE-2003-0532?
CVE-2003-0532 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-0532?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Ie, Microsoft Internet Explorer.