Arbitrary Code Execution via Web Folder Component in Internet Explorer 5.5 and 6.0

Arbitrary Code Execution via Web Folder Component in Internet Explorer 5.5 and 6.0

CVE-2002-0980 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.

Learn more about our Web App Pen Testing.