CVE

Id
3520  
CVE No.
CVE-2001-0712  
Status
Candidate  
Description
The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc.  
Phase
Proposed (20011012)  
Votes
ACCEPT(2) Baker, Cole | NOOP(1) Armstrong | REJECT(2) Foat, Frech | REVIEWING(1) Wall  
Comments
Baker> I would argue that a browser executing a script when it shouldn"t is still a vulnerability. If it is supposed to be a non-scriptable file type, and that fails, resulting in a script being executed without the user"s knowledge, then it is a problem, and thus should be included as a vulnerability. I vote this should be accepted, and if Microsoft acknowledges this in their follow up, then you have vendor acknowledgement of the problem as well. | Foat> The candidate does not meet the criteria for a vulnerability or | exposure, even though it describes an unexpected behavior.  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
15383 3520 CVE-2001-0712 BUGTRAQ:20010727 TXT or HTML? -- IE NEW BUG  View
15384 3520 CVE-2001-0712 URL:http://www.securityfocus.com/archive/1/200109  View
15385 3520 CVE-2001-0712 BUGTRAQ:20010729 Re: TXT or HTML? -- IE NEW BUG  View
15386 3520 CVE-2001-0712 URL:http://www.securityfocus.com/archive/1/200291  View
15387 3520 CVE-2001-0712 BID:3116  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
64130 JVNDB-2001-000104 Microsoft Internet Explorer の レンダリングエンジンにおける任意のスクリプトを実行される脆弱性 特定のバージョンの Microsoft Internet Explorer には、悪意あるスクリプトを実行してしまう脆弱性が存在します。 CVE-2001-0712 3520 7.5 http://jvndb.jvn.jp/ja/contents/2001/JVNDB-2001-000104.html  View