VDB
CVE-2003-0532
CVE-2003-0532
PUBLISHED
CVSS 7.5 HIGH
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
EPSS 27.12% · 96.5th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
27.12%
96.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | ie | 6.0 |
| n/a | n/a | * |
| microsoft | internet_explorer | 5.0.1, 5.0.1, 5.5 |
Timeline
- Aug 22, 2003 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
References
- http://www.eeye.com/html/Research/Advisories/AD20030820.html url
- VU#865940 third-party-advisory
- MS03-032 vendor-advisory
- 20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability mailing-list
- 20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2003-0532 advisory