CVE-2001-1325

Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/2633	Exploit Patch Vendor Advisory
http://www.securityfocus.com/archive/1/3AE02004.57FDF958@guninski.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/6448

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*
	cpe:2.3:a:microsoft:outlook_express:5.0:::::::*
	cpe:2.3:a:microsoft:outlook_express:5.5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.0:::::::*

Information

Published : 2001-04-19 21:00

Updated : 2021-07-23 05:18

NVD link : CVE-2001-1325

Mitre link : CVE-2001-1325

JSON object : View

CWE

NVD-CWE-Other

Products Affected

microsoft

outlook_express
internet_explorer

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/2633", "name": "2633", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/archive/1/3AE02004.57FDF958@guninski.com", "name": "20010420 XML scripting in IE, Outlook Express", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6448", "name": "ie-xml-stylesheets-scripting(6448)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-1325", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2001-04-20T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:outlook_express:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:outlook_express:5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-07-23T12:18Z"}

7.5 /10