• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Record Created
20010907 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20011012)
Votes (Legacy)
ACCEPT(2) Baker, Cole
NOOP(1) Armstrong
REJECT(2) Foat, Frech
Comments (Legacy)
 Baker> I would argue that a browser executing a script when it shouldn't is still a vulnerability.  If it is supposed to be a non-scriptable file type, and that fails, resulting in a script being executed without the user's knowledge, then it is a problem, and thus should be included as a vulnerability.  I vote this should be accepted, and if Microsoft acknowledges this in their follow up, then you have vendor acknowledgement of the problem as well.
 Foat> The candidate does not meet the criteria for a vulnerability or 
   exposure, even though it describes an unexpected behavior.

Proposed (Legacy)
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.