Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the IE Script vulnerability.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Internet_explorer | Microsoft | 4.0.1-sp2 (including) | 4.0.1-sp2 (including) |
| Internet_explorer | Microsoft | 5 (including) | 5 (including) |
References
- http://www.cert.org/advisories/CA-2000-16.html
- http://www.securityfocus.com/bid/1398
- http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=000d01bfe0fb%24418f59b0%2496217aa8%40src.bu.edu
- http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=39589359.762392DB%40nat.bg
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-049
- http://www.cert.org/advisories/CA-2000-16.html
- http://www.securityfocus.com/bid/1398
- http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=000d01bfe0fb%24418f59b0%2496217aa8%40src.bu.edu
- http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=39589359.762392DB%40nat.bg
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-049