• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20020221 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20020502)
Votes (Legacy)
ACCEPT(5) Armstrong, Cole, Foat, Green, Wall
MODIFY(1) Frech
NOOP(2) Christey, Cox
Comments (Legacy)
 Christey> Consider adding BID:3867
 Christey> According to Microsoft, the fix for this issue also addresses:
   BUGTRAQ:20020227 IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
   Need to add this reference (and/or double-check to make sure
   this is the right issue) and consider modifying the
   description accordingly, though on the surface there
   does not appear to be any close relation, since the
   GreyMagic bug deals with Data Source (DSO)
   for Data Binding with the dataFormatAs attribute set to HTML, then
   using innerHTML for script injection.
 Frech> XF:ie-codebase-execute-programs(7941)
 Christey> Add BID:3867

Proposed (Legacy)
This is an entry on the CVE list, which standardizes names for security problems.