CVE DATABASE / CVE-2001-0667
CVE-2001-0667
CVSS 7.3 · HIGH
Summary
Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150.
CVSS 3.1 breakdown
| Base score | 7.3 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | LOW |
| Integrity | LOW |
| Availability | LOW |
Weakness type (CWE)
Affected products
Microsoft internet explorer
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://www.ciac.org/ciac/bulletins/m-024.shtml
- http://www.kb.cert.org/vuls/id/952611
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7260
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.