CVE-2001-0091
First published: Fri Feb 16 2001(Updated: )
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Internet Explorer | =4.0 | |
| Internet Explorer | =5.0 | |
| Internet Explorer | =5.01 | |
| Internet Explorer | =5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-0091?
CVE-2001-0091 is considered a critical severity vulnerability that allows unauthorized access to arbitrary files.
How does CVE-2001-0091 exploit work?
CVE-2001-0091 exploits Internet Explorer by rendering arbitrary file types instead of HTML, enabling attackers to read sensitive files.
Which versions of Internet Explorer are affected by CVE-2001-0091?
CVE-2001-0091 affects Internet Explorer versions 4.0, 5.0, 5.01, and 5.5.
How do I fix CVE-2001-0091?
To fix CVE-2001-0091, update your Internet Explorer to the latest version that is no longer vulnerable to this exploit.
Can CVE-2001-0091 be mitigated?
Mitigation for CVE-2001-0091 includes disabling the ActiveX controls or using alternative web browsers that are not vulnerable.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- canonical/internet explorer
- version/internet explorer/4.0
- version/internet explorer/5.0
- version/internet explorer/5.01
- version/internet explorer/5.5