CVE-2001-0667 — Argument Injection in Microsoft Internet Explorer

CWE-88 — Argument Injection3 documents3 sources

Severity

7.3HIGHNVD

EPSS

1.6%

top 18.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedOct 30

Latest updateApr 30

Description

Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer6.0

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-42w8-jq8g-mg7m: Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2↗2022-04-30

▶

📐Framework References

CWE

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')↗

▶