CVE-2005-3975

Priority
Untriaged
Description
Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0
through 4.6.3 allows remote authenticated users to inject arbitrary web
script or HTML via HTML in a file with a GIF or JPEG file extension, which
causes the HTML to be executed by a victim who views the file in Internet
Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this
vulnerability is due to a design flaw in Internet Explorer and the proper
fix should be in that browser; if so, then this should not be treated as a
vulnerability in Drupal.
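
The mismatch described above, HTML content stored under a GIF or JPEG extension, can be rejected at upload time. The PHP check below is an added example, not code from Drupal or from this tracker entry; the function name `image_upload_problem`, the marker list and the sample uploads are assumptions made for illustration.

```php
<?php
// Added example, not Drupal code. Function name, marker list and sample
// uploads are assumptions made for this illustration.
const SNIFF_WINDOW = 256; // leading bytes Internet Explorer inspects when guessing a type

// Leading bytes a real file of each extension must start with.
const IMAGE_MAGIC = [
    'gif'  => ["GIF87a", "GIF89a"],
    'jpg'  => ["\xFF\xD8\xFF"],
    'jpeg' => ["\xFF\xD8\xFF"],
];
// Constructed list of tokens treated as HTML-like (a heuristic, not IE's exact list).
const HTML_MARKERS = ['<html', '<head', '<body', '<script', '<iframe',
                      '<img', '<a ', '<title', '<table', '<plaintext', '<!--'];

/** Returns null when the upload looks like the image its name claims, else a reason. */
function image_upload_problem(string $filename, string $bytes): ?string
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!isset(IMAGE_MAGIC[$ext])) {
        return 'extension is not an allowed image type';
    }
    $matches = false;
    foreach (IMAGE_MAGIC[$ext] as $magic) {
        $matches = $matches || strncmp($bytes, $magic, strlen($magic)) === 0;
    }
    if (!$matches) {
        return 'content does not start with the signature for .' . $ext;
    }
    // A correct signature is not enough: markup behind the header can still be sniffed.
    $head = strtolower(substr($bytes, 0, SNIFF_WINDOW));
    foreach (HTML_MARKERS as $marker) {
        if (strpos($head, $marker) !== false) {
            return 'HTML-like marker "' . $marker . '" in the first ' . SNIFF_WINDOW . ' bytes';
        }
    }
    return null;
}

// Constructed sample uploads.
$samples = [
    'photo.gif' => "GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xFF\xFF\xFF;",
    'note.gif'  => "<html><body>hello</body></html>",
    'mixed.gif' => "GIF89a<script>/* markup behind a valid header */</script>",
];
foreach ($samples as $name => $bytes) {
    printf("%-10s %s\n", $name, image_upload_problem($name, $bytes) ?? 'ok');
}
```

The marker scan is a heuristic and can reject a legitimate image whose first bytes happen to contain one of the tokens; re-encoding accepted images server-side avoids that trade-off.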
References
Package
Upstream:needs-triage
More Information

Updated: 2012-06-01 15:16:45 UTC (commit 5347)