CVE-2002-1188

Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."

Published: Dec 11, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1188
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_explorer	5.5-sp2	5.5-sp2.x
microsoft / internet_explorer	5.0.1	5.0.1.x
microsoft / internet_explorer	5.0.1-sp2	5.0.1-sp2.x
microsoft / internet_explorer	5.0.1-sp1	5.0.1-sp1.x
microsoft / internet_explorer	5.5	5.5.x
microsoft / internet_explorer	5.5-sp1	5.5-sp1.x
microsoft / internet_explorer	6.0	6.0.x

http://marc.info/?l=bugtraq&m=103184415307193&w=2
http://www.ciac.org/ciac/bulletins/n-018.shtml
http://www.iss.net/security_center/static/10665.php
http://www.securityfocus.com/bid/6217
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A444
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A690

Vulnerability Database

289,871

CVE-2002-1188