The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote malicious users to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft internet explorer 5.5 |
||
microsoft internet explorer 6.0 |