Required CVE Record Information
Description
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
References 5 Total
- kb.cert.org: VU#865940 third-party-advisory
- docs.microsoft.com: MS03-032 vendor-advisory
- http://www.eeye.com/html/Research/Advisories/AD20030820.html
- archives.neohapsis.com: 20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability mailing-list
- marc.info: 20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- kb.cert.org: VU#865940 third-party-advisoryx_transferred
- docs.microsoft.com: MS03-032 vendor-advisoryx_transferred
- http://www.eeye.com/html/Research/Advisories/AD20030820.html x_transferred
- archives.neohapsis.com: 20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability mailing-listx_transferred
- marc.info: 20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability mailing-listx_transferred