header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
SecurityFocus
8.3
CVSS
HIGH
Microsoft Internet Explorer mms: URI Protocol Handler Command Line Argument Injection
94
CWE
Product Name: Internet Explorer
Affected Version From: Microsoft Internet Explorer 5.5
Affected Version To: Microsoft Internet Explorer 6.0
Patch Exists: YES
Related CWE: CVE-2002-0649
CPE: a:microsoft:internet_explorer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Microsoft Internet Explorer mms: URI Protocol Handler Command Line Argument Injection

A vulnerability has been reported in Microsoft Internet Explorer that may allow remote attackers to pass arbitrary command line arguments to an application associated with the mms: URI protocol handler. This vulnerability could be exploited from a malicious web page or HTML email, and could result in loss or compromise of various security properties.

Mitigation:

Microsoft has released a patch to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10879/info

A vulnerability has been reported to exist in Microsoft Internet Explorer that may allow remote attackers to pass arbitrary command line arguments to an application associated with the mms: URI protocol handler. Windows Media Player is the application normally associated with this URI protocol handler. 

This vulnerability would permit an attacker to influence the invocation arguments for the executable and could result in loss of compromise of various security properties. This may be exploited from a malicious Web page or possibly through HTML email.

It is not known if this issue is specific to the mms: URI protocol handler or if other URI protocol handlers on the system may be similarly affected. This vulnerability could be a general issue in Internet Explorer with many possible attack vectors, although there is not enough information available at this time to make this determination.

<A HREF=mms:\\."%20/layout%20c>TRY IT</A>

Navigation

Suggest Exploit

Services By CQR