CVE ID:	CVE-2003-1041
Description:	Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2003-1041 Bugtraq: 20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp() (Google Search) http://www.securityfocus.com/archive/1/348521 Microsoft Security Bulletin: MS04-023 http://www.microsoft.com/technet/security/bulletin/ms04-023.asp Cert/CC Advisory: TA04-196A http://www.us-cert.gov/cas/techalerts/TA04-196A.html CERT/CC vulnerability note: VU#187196 http://www.kb.cert.org/vuls/id/187196 XForce ISS Database: ie-showhelp-directory-traversal(14105) http://xforce.iss.net/xforce/xfdb/14105 BugTraq ID: 9320 http://www.securityfocus.com/bid/9320 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1186 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1943 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3514 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:956

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: