The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
Software | From | Fixed in |
---|---|---|
microsoft / internet_explorer | 5.0 | 5.0.x |
microsoft / internet_explorer | 5.0.1 | 5.0.1.x |
microsoft / internet_explorer | 5.0.1-sp1 | 5.0.1-sp1.x |
microsoft / internet_explorer | 5.0.1-sp2 | 5.0.1-sp2.x |
microsoft / internet_explorer | 5.0.1-sp3 | 5.0.1-sp3.x |
microsoft / internet_explorer | 5.5 | 5.5.x |
microsoft / internet_explorer | 5.5-sp1 | 5.5-sp1.x |
microsoft / internet_explorer | 5.5-sp2 | 5.5-sp2.x |
microsoft / internet_explorer | 6.0 | 6.0.x |
microsoft / ie | 6.0-sp1 | 6.0-sp1.x |