发布时间 :2002-05-29 00:00:00
修订时间 :2008-09-05 16:27:23

[原文]Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.

[CNNVD]Microsoft Internet Explorer文件内容配置漏洞(CNNVD-200205-061)

        Microsoft Internet Explorer 5.01和6.0版本存在漏洞。攻击者可以借助畸形Content-Disposition和Content-Type头字段执行任意代码,该漏洞将会导致欺骗文件类型的应用程序将文件返回操作系统进行处理,而不是提交错误信息,也称为第二变量的“Content Disposition”漏洞

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:ie:5.01:sp2Microsoft Internet Explorer 5.01 SP2
cpe:/a:microsoft:ie:5.01Microsoft Internet Explorer 5.01
cpe:/a:microsoft:ie:5.01:sp1Microsoft Internet Explorer 5.01 SP1
cpe:/a:microsoft:ie:6.0Microsoft Internet Explorer 6.0

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  XF  ie-content-disposition-variant2(9086)
(UNKNOWN)  BUGTRAQ  20020516 [SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically

- 漏洞信息

Microsoft Internet Explorer文件内容配置漏洞
高危 未知
2002-05-29 00:00:00 2005-10-12 00:00:00
        Microsoft Internet Explorer 5.01和6.0版本存在漏洞。攻击者可以借助畸形Content-Disposition和Content-Type头字段执行任意代码,该漏洞将会导致欺骗文件类型的应用程序将文件返回操作系统进行处理,而不是提交错误信息,也称为第二变量的“Content Disposition”漏洞

- 公告与补丁


- 漏洞信息

Microsoft IE Content-disposition Header Auto Download/Execute

- 漏洞描述

Microsoft Internet Explorer contains a flaw that allows a remote attacker to force a vulnerable IE browser to download and execute arbitrary files. The flaw is due to the way IE handles a specific Content-Type and Content-disposition header, specifically "audio/x-ms-wma". When the browser handles this content type, it will automatically download a file specified by the attacker and execute it on the local machine.

- 时间线

2002-03-18 Unknow
2002-03-18 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete