CVE-2002-0193

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 5.01 through 6.0

Description The issue allows remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields. This occurs because the application for the spoofed file type passes the file back to the operating system for handling rather than raising an error message.

Recommendations For Microsoft Internet Explorer versions 5.01 through 6.0, consider applying configuration changes to handle malformed Content-Disposition and Content-Type header fields properly, such as raising an error message instead of passing the file to the operating system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.