Description
Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Georgi Guninski · textremotewindows
https://www.exploit-db.com/exploits/20774
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6426
Various Sources x_refsource_misc
http://www.guninski.com/clsidext.html
Exploit, Patch, Vendor Advisory x_refsource_misc
http://vil.nai.com/vil/virusSummary.asp?virus_k=99048
Various Sources x_refsource_misc
http://www.sarc.com/avcenter/venc/data/vbs.postcard%40mm.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2612
Exploit, Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/176909
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/7858
Scores
EPSS
0.1725
EPSS Percentile
95.1%
Details
Status
published
Products (1)
microsoft/internet_explorer
5.5
Published
Sep 20, 2001
Tracked Since
Feb 18, 2026