ID CVE-2002-0027
Summary Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 23-07-2021 - 12:55)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2016-02-19T10:00:00.000-04:00
class vulnerability
contributors
  • name Tiffany Bergeron
    organization The MITRE Corporation
  • name Harvey Rubinovitz
    organization The MITRE Corporation
  • name Christine Walzer
    organization The MITRE Corporation
  • name Christine Walzer
    organization The MITRE Corporation
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
comment Microsoft Internet Explorer 6 is installed
oval oval:org.mitre.oval:def:563
description Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
family windows
id oval:org.mitre.oval:def:974
status accepted
submitted 2004-04-29T04:00:00.000-04:00
title IE Frame Domain Verification Vulnerability
version 69
refmap via4
bid 3721
bugtraq 20011219 Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, Site Spoofing Bug
osvdb 3031
Last major update 23-07-2021 - 12:55
Published 08-03-2002 - 05:00
Last modified 23-07-2021 - 12:55
Back to Top