CVE

Id
4471  
CVE No.
CVE-2002-0077  
Status
Candidate  
Description
Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability.  
Phase
Proposed (20020502)  
Votes
ACCEPT(5) Armstrong, Cole, Foat, Green, Wall | MODIFY(1) Frech | NOOP(2) Christey, Cox  
Comments
Christey> Consider adding BID:3867 | Christey> According to Microsoft, the fix for this issue also addresses: | BUGTRAQ:20020227 IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101496184505815&w=2 | | Need to add this reference (and/or double-check to make sure | this is the right issue) and consider modifying the | description accordingly, though on the surface there | does not appear to be any close relation, since the | GreyMagic bug deals with Data Source (DSO) | for Data Binding with the dataFormatAs attribute set to HTML, then | using innerHTML for script injection. | Frech> XF:ie-codebase-execute-programs(7941) | Christey> Add BID:3867  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
21880 4471 CVE-2002-0077 BUGTRAQ:20020113 Internet Explorer Pop-Up OBJECT Tag Bug  View
21881 4471 CVE-2002-0077 URL:http://marc.info/?l=bugtraq&m=101103188711920&w=2  View
21882 4471 CVE-2002-0077 MS:MS02-015  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63741 JVNDB-2002-000068 Microsoft Internet Explorer においてローカルコンピュータゾーンで任意のプログラムが実行される脆弱性 Microsoft Internet Explorer において、 HTML ドキュメントに Active スクリプトが埋め込まれている場合、任意のプログラムが実行できる脆弱性が存在します。 CVE-2002-0077 4471 7.5 http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000068.html  View