A vulnerability has been found in Microsoft Internet Explorer 5.0 (Web Browser) and classified as critical. Affected by this vulnerability is an unknown part of the component Javascript. The manipulation with an unknown input leads to a privileges management vulnerability. The CWE definition for the vulnerability is CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. As an impact it is known to affect confidentiality. The summary by CVE is:

Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client s hard drive via a SCRIPT tag with a SRC value that points to the text file.

The issue has been introduced in 06/02/1998. The weakness was released 12/06/2001 (Website). It is possible to read the advisory at securityfocus.com. This vulnerability is known as CVE-2001-0807. The attack can be launched remotely. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.

The vulnerability was handled as a non-public zero-day exploit for at least 1283 days. During that time the estimated underground price was around $25k-$100k.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (6688).

Productinfo

Type

• Web Browser

Vendor

• Microsoft

Name

• Internet Explorer

Version

• 5.0

License

• commercial

Support

• end of life

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion