Published: 26/11/2001 Updated: 23/07/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Internet Explorer 5.5 and 6.0 allows remote malicious users to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft internet explorer 5.5
microsoft internet explorer 6.0

source: wwwsecurityfocuscom/bid/3597/info It is possible for a malicious webmaster, hosting files on an website, to spoof file extensions for users of Internet Explorer For example, an exe file can be made to look like a txt (or other seemingly harmless file type) file in the Download dialog When including a certain string of charact ...

Orginal Advisory and exploit by cyber_flash (Vengy) Circumvent Windows XP SP2 security features using execCommand 'SaveAs' function! Demonstration: Notice that you don't receive any warning messages such as: "File Download - Security Warning" or "Open File - Security Warning" If "Hide file extensions for known file types" (Tools->Folder O ...

NVD-CWE-Other http://www.securityfocus.com/archive/1/245594 http://www.securityfocus.com/bid/3597 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1014 https://exchange.xforce.ibmcloud.com/vulnerabilities/7636 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-058 https://nvd.nist.gov https://www.exploit-db.com/exploits/21164/https://www.kb.cert.org/vuls/id/457787

CVE-2001-0875

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect