The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 up to and including 5.5 renders arbitrary file types instead of HTML, which allows an malicious user to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft internet explorer 4.0 |
||
microsoft internet explorer 5.0 |
||
microsoft internet explorer 5.01 |
||
microsoft internet explorer 5.5 |