Microsoft » Internet Explorer » 5.5 sp2 : Security Vulnerabilities, CVEs, Published In 2004 (Directory traversal)
Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
Max CVSS
5.0
EPSS Score
95.62%
Published
2004-12-30
Updated
2021-07-23
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
Max CVSS
7.5
EPSS Score
44.28%
Published
2004-06-14
Updated
2021-07-23
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Max CVSS
7.5
EPSS Score
1.22%
Published
2004-04-15
Updated
2021-07-23
3 vulnerabilities found