Argument injection vulnerability in Internet Explorer 6...
Moderate severity
Unreviewed
Published
May 1, 2022
to the GitHub Advisory Database
•
Updated Feb 22, 2024
Description
Published by the National Vulnerability Database
Apr 26, 2006
Published to the GitHub Advisory Database
May 1, 2022
Last updated
Feb 22, 2024
Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
References