| ID |
CVE-2002-1217
|
| Summary |
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 23-07-2021 - 12:55) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| oval
via4
|
| accepted | 2014-02-24T04:03:13.673-05:00 | | class | vulnerability | | contributors | | name | Harvey Rubinovitz | | organization | The MITRE Corporation |
| name | Christine Walzer | | organization | The MITRE Corporation |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| | description | domain restrictions. | | family | windows | | id | oval:org.mitre.oval:def:272 | | status | accepted | | submitted | 2004-01-27T05:00:00.000-04:00 | | title | IE v6.0 Domain Restriction Bypass Cross-Frame Scripting | | version | 67 |
| accepted | 2014-02-24T04:03:15.073-05:00 | | class | vulnerability | | contributors | | name | Harvey Rubinovitz | | organization | The MITRE Corporation |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| | description | domain restrictions. | | family | windows | | id | oval:org.mitre.oval:def:333 | | status | accepted | | submitted | 2004-01-27T12:00:00.000-04:00 | | title | IE v5.5 Domain Restriction Bypass Cross-Frame Scripting | | version | 66 |
|
| refmap
via4
|
| bid | 5963 | | bugtraq | 20021015 Internet Explorer : The D-Day | | ciac | N-018 | | misc | http://security.greymagic.com/adv/gm011-ie/ | | ntbugtraq | 20021015 Internet Explorer : The D-Day | | vulnwatch | 20021015 Internet Explorer : The D-Day | | xf | ie-iframe-document-script-execution(10371) |
|
| Last major update |
23-07-2021 - 12:55 |
| Published |
28-10-2002 - 05:00 |
| Last modified |
23-07-2021 - 12:55 |
