Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka Temporary Internet Files folders Name Reading.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Internet_explorer | Microsoft | 5.0.1 (including) | 5.0.1 (including) |
| Internet_explorer | Microsoft | 5.0.1-sp1 (including) | 5.0.1-sp1 (including) |
| Internet_explorer | Microsoft | 5.0.1-sp2 (including) | 5.0.1-sp2 (including) |
| Internet_explorer | Microsoft | 5.5 (including) | 5.5 (including) |
| Internet_explorer | Microsoft | 5.5-sp1 (including) | 5.5-sp1 (including) |
| Internet_explorer | Microsoft | 5.5-sp2 (including) | 5.5-sp2 (including) |
| Internet_explorer | Microsoft | 6.0 (including) | 6.0 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=103184415307193\u0026w=2
- http://www.ciac.org/ciac/bulletins/n-018.shtml
- http://www.iss.net/security_center/static/10665.php
- http://www.securityfocus.com/bid/6217
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A444
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A690
- http://marc.info/?l=bugtraq\u0026m=103184415307193\u0026w=2
- http://www.ciac.org/ciac/bulletins/n-018.shtml
- http://www.iss.net/security_center/static/10665.php
- http://www.securityfocus.com/bid/6217
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A444
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A690