Reported March 29, 2001, by Microsoft.
VERSIONS AFFECTED
- Internet Explorer 5.01 and 5.5
DESCRIPTION
By modifying the MIME header in
the email message, a malicious attacker can cause Internet Explorer (IE) to
automatically launch attachments. An attacker can instigate such an attack by
embedding a malicious email message in a Web site, or by sending email directly
to a user.
VENDOR RESPONSE
Microsoft has issued security bulletin MS01-020 and a fix to address this vulnerability.
CREDITDiscovered by Juan Carlos Cuartango.
0 comments
Hide comments