Search criteria
3 vulnerabilities found for windows_script_host by microsoft
FKIE_CVE-2001-0002
Vulnerability from fkie_nvd - Published: 2001-07-21 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | internet_explorer | * | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | windows_script_host | 5.1 | |
| microsoft | windows_script_host | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BDFCFCB-6E90-4F29-9852-A3099DF05843",
"versionEndIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_script_host:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D774C5CD-AD4A-42F9-B624-968A0C1DDE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_script_host:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CF47D9C0-6521-427A-A1EB-3BFA2BD37733",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs."
}
],
"id": "CVE-2001-0002",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-07-21T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.guninski.com/chmtempmain.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/7823"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/2456"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5567"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.guninski.com/chmtempmain.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/7823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/2456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2001-0002 (GCVE-0-2001-0002)
Vulnerability from cvelistv5 – Published: 2001-05-07 04:00 – Updated: 2024-08-08 04:06
VLAI?
Summary
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:54.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:920",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920"
},
{
"name": "7823",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7823"
},
{
"name": "MS01-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015"
},
{
"name": "ie-chm-execute-files(5567)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5567"
},
{
"name": "2456",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.guninski.com/chmtempmain.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:920",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920"
},
{
"name": "7823",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7823"
},
{
"name": "MS01-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015"
},
{
"name": "ie-chm-execute-files(5567)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5567"
},
{
"name": "2456",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.guninski.com/chmtempmain.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:920",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920"
},
{
"name": "7823",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7823"
},
{
"name": "MS01-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015"
},
{
"name": "ie-chm-execute-files(5567)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5567"
},
{
"name": "2456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2456"
},
{
"name": "http://www.guninski.com/chmtempmain.html",
"refsource": "MISC",
"url": "http://www.guninski.com/chmtempmain.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0002",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-01-04T00:00:00",
"dateUpdated": "2024-08-08T04:06:54.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0002 (GCVE-0-2001-0002)
Vulnerability from nvd – Published: 2001-05-07 04:00 – Updated: 2024-08-08 04:06
VLAI?
Summary
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:54.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:920",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920"
},
{
"name": "7823",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7823"
},
{
"name": "MS01-015",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015"
},
{
"name": "ie-chm-execute-files(5567)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5567"
},
{
"name": "2456",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.guninski.com/chmtempmain.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:920",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920"
},
{
"name": "7823",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7823"
},
{
"name": "MS01-015",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015"
},
{
"name": "ie-chm-execute-files(5567)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5567"
},
{
"name": "2456",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.guninski.com/chmtempmain.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:920",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920"
},
{
"name": "7823",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7823"
},
{
"name": "MS01-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015"
},
{
"name": "ie-chm-execute-files(5567)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5567"
},
{
"name": "2456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2456"
},
{
"name": "http://www.guninski.com/chmtempmain.html",
"refsource": "MISC",
"url": "http://www.guninski.com/chmtempmain.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0002",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-01-04T00:00:00",
"dateUpdated": "2024-08-08T04:06:54.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}