Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2004-0727 | First vendor Publication | 2004-07-27 |
Vendor | Cve | Last vendor Modification | 2021-07-23 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0727 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:4702 | |||
Oval ID: | oval:org.mitre.oval:def:4702 | ||
Title: | IE v5.01,SP4 Similar Method Name Redirection Cross Domain Vulnerability | ||
Description: | Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0727 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6829 | |||
Oval ID: | oval:org.mitre.oval:def:6829 | ||
Title: | IE v6.0,SP1 Similar Method Name Redirection Cross Domain Vulnerability | ||
Description: | Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0727 | Version: | 5 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7084 | |||
Oval ID: | oval:org.mitre.oval:def:7084 | ||
Title: | IE v5.01,SP3 Similar Method Name Redirection Cross Domain Vulnerability | ||
Description: | Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0727 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7448 | |||
Oval ID: | oval:org.mitre.oval:def:7448 | ||
Title: | IE v5.5,SP2 Similar Method Name Redirection Cross Domain Vulnerability | ||
Description: | Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0727 | Version: | 6 |
Platform(s): | Microsoft Windows 98 Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7496 | |||
Oval ID: | oval:org.mitre.oval:def:7496 | ||
Title: | IE v6.0,SP2 for Server 2003 Similar Method Name Redirection Cross Domain Vulnerability | ||
Description: | Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0727 | Version: | 4 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7906 | |||
Oval ID: | oval:org.mitre.oval:def:7906 | ||
Title: | IE v6.0 Similar Method Name Redirection Cross Domain Vulnerability | ||
Description: | Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0727 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
ExploitDB Exploits
id | Description |
---|---|
2004-10-20 | Microsoft Internet Explorer 5.x Valid File Drag and Drop Embedded Code Vulner... |
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
10704 | Microsoft IE Similar Method Name Redirection Cross Domain/Site Scripting Internet Explorer contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the redirection of a function to another function with the same name. This could allow a user to create a specially crafted URL that would execute arbitrary code possibly in other security zones/domains in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | MSN Heartbeat ActiveX clsid access RuleID : 4167 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Shell.Explorer ActiveX Object Access RuleID : 4166 - Revision : 10 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer mouse drag hijack RuleID : 21353 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer Install Engine ActiveX clsid unicode access RuleID : 17589 - Revision : 4 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer Install Engine ActiveX clsid access RuleID : 17588 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer Shell.Explorer 2 ActiveX clsid access RuleID : 15122 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | Shell.Explorer 2 ActiveX function call unicode access RuleID : 15113 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer Shell.Explorer 2 ActiveX function call access RuleID : 15112 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Shell.Explorer 2 ActiveX clsid unicode access RuleID : 15111 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | MSN Heartbeat ActiveX clsid unicode access RuleID : 12956 - Revision : 7 - Type : WEB-ACTIVEX |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-07-27 00:24:37 |
|
2021-07-24 01:44:14 |
|
2021-07-24 01:01:43 |
|
2021-07-23 21:25:03 |
|
2021-05-04 12:02:23 |
|
2021-04-22 01:02:32 |
|
2020-05-23 00:15:51 |
|
2018-10-13 00:22:29 |
|
2017-10-11 09:23:22 |
|
2017-07-11 12:01:29 |
|
2016-10-18 12:01:22 |
|
2016-04-26 12:52:36 |
|
2013-05-11 11:42:33 |
|