CVE-ID

CVE-2001-0712

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20010907 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20011012)
Votes (Legacy)
ACCEPT(2) Baker, Cole
NOOP(1) Armstrong
REJECT(2) Foat, Frech
REVIEWING(1) Wall
Comments (Legacy)
 Baker> I would argue that a browser executing a script when it shouldn't is still a vulnerability.  If it is supposed to be a non-scriptable file type, and that fails, resulting in a script being executed without the user's knowledge, then it is a problem, and thus should be included as a vulnerability.  I vote this should be accepted, and if Microsoft acknowledges this in their follow up, then you have vendor acknowledgement of the problem as well.
 Foat> The candidate does not meet the criteria for a vulnerability or 
   exposure, even though it describes an unexpected behavior.

Proposed (Legacy)
20011012
This is an entry on the CVE list, which standardizes names for security problems.