CVE-2003-1041

Name: CVE-2003-1041
Creator: NVD / NIST
Published: 2004-06-14T04:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 52.61%

Last modified Jun 16, 2026

CVE-2003-1041 is a vulnerability of currently unknown severity. Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.. EPSS estimates a 52.61% chance of exploitation in the next 30 days.

Description

Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.

Metrics

EPSS Probability

52.61%

98.8th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions	Update
Microsoft	Ie	6	Windows Server 2003 Sp1
Microsoft	Ie	6.0	Sp1
Microsoft	Internet Explorer	5	—
Microsoft	Internet Explorer	5.5	—
Microsoft	Internet Explorer	6.0	—

References

http://www.kb.cert.org/vuls/id/187196US Government Resource
http://www.securityfocus.com/archive/1/348521Exploit, Vendor Advisory
http://www.securityfocus.com/bid/9320Exploit, Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-196A.htmlThird Party Advisory, US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023
https://exchange.xforce.ibmcloud.com/vulnerabilities/14105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956
http://www.kb.cert.org/vuls/id/187196US Government Resource
http://www.securityfocus.com/archive/1/348521Exploit, Vendor Advisory
http://www.securityfocus.com/bid/9320Exploit, Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-196A.htmlThird Party Advisory, US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023
https://exchange.xforce.ibmcloud.com/vulnerabilities/14105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956

Timeline

Published: Jun 14, 2004
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2003-1041?

How severe is CVE-2003-1041?

Severity scoring for CVE-2003-1041 is pending analysis. The EPSS model estimates a 52.61% probability of exploitation in the next 30 days.

How do I fix CVE-2003-1041?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2003-1041?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST