The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Link | Tags |
---|---|
http://www.securityfocus.com/bid/674 | vdb entry |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-040 | vendor advisory |
http://www.ciac.org/ciac/bulletins/k-002.shtml | third party advisory government resource |
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ242542 | vendor advisory |
http://www.kb.cert.org/vuls/id/37828 | third party advisory us government resource |
http://www.osvdb.org/11274 | vdb entry |