CVE-2001-0667

Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150.
Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*

History

13 Feb 2024, 17:56

Type Values Removed Values Added
References (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051 - (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051 - Patch, Vendor Advisory
References (CERT-VN) http://www.kb.cert.org/vuls/id/952611 - US Government Resource (CERT-VN) http://www.kb.cert.org/vuls/id/952611 - Third Party Advisory, US Government Resource
References (CIAC) http://www.ciac.org/ciac/bulletins/m-024.shtml - (CIAC) http://www.ciac.org/ciac/bulletins/m-024.shtml - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/7260 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/7260 - Third Party Advisory, VDB Entry
CWE NVD-CWE-Other CWE-88
First Time Microsoft internet Explorer
CPE cpe:2.3:a:microsoft:ie:*:windows_server_2003_sp1:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*

Information

Published : 2001-10-30 05:00

Updated : 2024-02-28 10:24


NVD link : CVE-2001-0667

Mitre link : CVE-2001-0667

CVE.ORG link : CVE-2001-0667


JSON object : View

Products Affected

microsoft

  • internet_explorer
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')