CVE-2003-1028Microsoft Internet Explorer vulnerability

3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
17.8%
top 4.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedJan 20
Latest updateApr 29

Description

The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/internet_explorer4 versions+3
NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-v9gj-ppgh-f5c9: The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid Conte2022-04-29
CVEList
CVE-2003-1028: The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid Conte2004-01-08
CVE-2003-1028 — Microsoft vulnerability | cvebase