The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the Scriptlet Rendering vulnerability.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Internet_explorer | Microsoft | 4.0 | 4.0 |
Internet_explorer | Microsoft | 5.0 | 5.0 |
Internet_explorer | Microsoft | 5.01 | 5.01 |
Internet_explorer | Microsoft | 5.5 | 5.5 |