CVE-2003-1326 - Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security

CVE-2003-1326

Summary

Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 23-07-2021 - 12:55)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

oval via4

accepted

2014-02-24T04:00:11.754-05:00

class

vulnerability

contributors

name Andrew Buttner
organization The MITRE Corporation
name Christine Walzer
organization The MITRE Corporation
name Maria Mikhno
organization ALTX-SOFT

description

family

windows

oval:org.mitre.oval:def:126

status

accepted

submitted

2004-01-27T05:00:00.000-04:00

title

IE v6.0 Improper Cross Domain Security Validation with Dialog Box

version

accepted

2014-02-24T04:00:23.739-05:00

class

vulnerability

contributors

name Andrew Buttner
organization The MITRE Corporation
name Maria Mikhno
organization ALTX-SOFT

description

family

windows

oval:org.mitre.oval:def:178

status

accepted

submitted

2004-01-27T12:00:00.000-04:00

title

IE v5.5 Improper Cross Domain Security Validation with Dialog Box

version

accepted

2014-02-24T04:03:20.061-05:00

class

vulnerability

contributors

name David Proulx
organization The MITRE Corporation
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

family

windows

oval:org.mitre.oval:def:49

status

accepted

submitted

2003-11-12T12:00:00.000-04:00

title

IE v5.01 Improper Cross Domain Security Validation with Dialog Box

version

refmap via4

bid	6779
ciac	N-038
xf	ie-dialog-zone-bypass(11258)

Last major update

23-07-2021 - 12:55

Published

19-02-2003 - 05:00

Last modified

23-07-2021 - 12:55