|
| Description: | | Microsoft issued a security bulletin (MS01-020) announcing that, when rendering HTML-based e-mail messages that have incorrect MIME headers, Microsoft Internet Explorer may execute arbitrary code contained in an attachment to the email. There is a flaw in Internet Explorer's processing of certain "unusual" MIME types. This vulnerability enables an attacker to create an HTML-based email containing a header with one of the certain unusual MIME types and containing an executable attachment such that the Internet Explorer browser will automatically execute the attachment when processing the message. |
|
| Impact: | | An attacker can abtain more privileges which he is not entitled to by exloiting the vulnerability, such as executing arbitrary code, deleting files, viewing sensitive information, changing configurations. |
|
| Affected OS: | | Windows |
|
| Reference: | | MicrosoftSecurityBulletin:MS01-020
SecurityFocusBID:2524
|
|