Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing .. (dot dot) sequences and a filename that ends in :: which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ie | Microsoft | 6-windows_server_2003_sp1 (including) | 6-windows_server_2003_sp1 (including) |
Ie | Microsoft | 6.0-sp1 (including) | 6.0-sp1 (including) |
Internet_explorer | Microsoft | 5 (including) | 5 (including) |
Internet_explorer | Microsoft | 5.5 (including) | 5.5 (including) |
Internet_explorer | Microsoft | 5.5-sp1 (including) | 5.5-sp1 (including) |
Internet_explorer | Microsoft | 5.5-sp2 (including) | 5.5-sp2 (including) |
Internet_explorer | Microsoft | 6.0 (including) | 6.0 (including) |