CVE-2002-0188

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.

Published: May 29, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0188
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_explorer	5.01	5.01.x
microsoft / internet_explorer	5.01-sp1	5.01-sp1.x
microsoft / internet_explorer	5.01-sp2	5.01-sp2.x
microsoft / internet_explorer	6.0	6.0.x

http://archives.neohapsis.com/archives/bugtraq/2002-05/0126.html
http://www.iss.net/security_center/static/9086.php
http://www.lac.co.jp/security/english/snsadv_e/48_e.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023

Vulnerability Database

289,871

CVE-2002-0188