7.5 - MS03-048

Executive Summary

Informations
Name	MS03-048	First vendor Publication	N/A
Vendor	Microsoft	Last vendor Modification	N/A
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cumulative Security Update for Internet Explorer (824145)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:335

Oval ID:	oval:org.mitre.oval:def:335
Title:	IE v5.01,SP2 ExecCommand Cross Domain Zone Restriction Bypass
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0814	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.0.3523.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:341

Oval ID:	oval:org.mitre.oval:def:341
Title:	IE v5.01,SP3 ExecCommand Cross Domain Zone Restriction Bypass
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0814	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 3 is installed AND the version of mshtml.dll is less than 5.0.3523.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:342

Oval ID:	oval:org.mitre.oval:def:342
Title:	IE v5.01,SP4 ExecCommand Cross Domain Zone Restriction Bypass
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0814	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 4 is installed AND the version of mshtml.dll is less than 5.0.3810.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:343

Oval ID:	oval:org.mitre.oval:def:343
Title:	IE v5.5,SP2 ExecCommand Cross Domain Zone Restriction Bypass
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0814	Version:	3
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.5 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.50.4934.1600 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:344

Oval ID:	oval:org.mitre.oval:def:344
Title:	IE v6.0,SP1 ExecCommand Cross Domain Zone Restriction Bypass
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0814	Version:	4
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 1 is installed AND the version of mshtml.dll is less than 6.0.2800.1276 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:349

Oval ID:	oval:org.mitre.oval:def:349
Title:	IE v6.0,SP1 (Server 2003) ExecCommand Cross Domain Zone Restriction Bypass
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0814	Version:	5
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 for Windows Server 2003 is installed AND the version of mshtml.dll is less than 6.0.3790.94 AND NOT the patch q824145 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:351

Oval ID:	oval:org.mitre.oval:def:351
Title:	IE v5.01,SP2 Function Pointer Override Cross Domain Vulnerability
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0815	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.0.3523.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:352

Oval ID:	oval:org.mitre.oval:def:352
Title:	IE v5.01,SP3 Function Pointer Override Cross Domain Vulnerability
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0815	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 3 is installed AND the version of mshtml.dll is less than 5.0.3523.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:353

Oval ID:	oval:org.mitre.oval:def:353
Title:	IE v5.01,SP4 Function Pointer Override Cross Domain Vulnerability
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0815	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 4 is installed AND the version of mshtml.dll is less than 5.0.3810.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:356

Oval ID:	oval:org.mitre.oval:def:356
Title:	IE v5.5,SP2 Function Pointer Override Cross Domain Vulnerability
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0815	Version:	3
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.5 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.50.4934.1600 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:357

Oval ID:	oval:org.mitre.oval:def:357
Title:	IE v6.0,SP1 Function Pointer Override Cross Domain Vulnerability
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0815	Version:	4
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 1 is installed AND the version of mshtml.dll is less than 6.0.2800.1276 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:359

Oval ID:	oval:org.mitre.oval:def:359
Title:	IE v6.0,SP1 (Server 2003) Function Pointer Override Cross Domain Vulnerability
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0815	Version:	5
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 for Windows Server 2003 is installed AND the version of mshtml.dll is less than 6.0.3790.94 AND NOT the patch q824145 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:361

Oval ID:	oval:org.mitre.oval:def:361
Title:	IE v5.01,SP2 Script URLs Cross Domain Zone Restrictions Bypass
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0816	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.0.3523.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:362

Oval ID:	oval:org.mitre.oval:def:362
Title:	IE v5.01,SP3 Script URLs Cross Domain Zone Restrictions Bypass
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0816	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 3 is installed AND the version of mshtml.dll is less than 5.0.3523.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:363

Oval ID:	oval:org.mitre.oval:def:363
Title:	IE v5.01,SP4 Script URLs Cross Domain Zone Restrictions Bypass
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0816	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 4 is installed AND the version of mshtml.dll is less than 5.0.3810.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:368

Oval ID:	oval:org.mitre.oval:def:368
Title:	IE v5.01,SP2 HijackClick Vulnerability
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0823	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.0.3523.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:369

Oval ID:	oval:org.mitre.oval:def:369
Title:	IE v5.01,SP3 HijackClick Vulnerability
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0823	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 3 is installed AND the version of mshtml.dll is less than 5.0.3523.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:370

Oval ID:	oval:org.mitre.oval:def:370
Title:	IE v5.01,SP4 HijackClick Vulnerability
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0823	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 4 is installed AND the version of mshtml.dll is less than 5.0.3810.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:371

Oval ID:	oval:org.mitre.oval:def:371
Title:	IE v5.5,SP2 HijackClick Vulnerability
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0823	Version:	3
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.5 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.50.4934.1600 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:372

Oval ID:	oval:org.mitre.oval:def:372
Title:	IE v6.0,SP1 HijackClick Vulnerability
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0823	Version:	4
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 1 is installed AND the version of mshtml.dll is less than 6.0.2800.1276 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:392

Oval ID:	oval:org.mitre.oval:def:392
Title:	IE v6.0 (XP) ExecCommand Cross Domain Zone Restriction Bypass
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0814	Version:	4
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2734.1600 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:409

Oval ID:	oval:org.mitre.oval:def:409
Title:	IE v5.5,SP2 Script URLs Cross Domain Zone Restrictions Bypass
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0816	Version:	3
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.5 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.50.4934.1600 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:416

Oval ID:	oval:org.mitre.oval:def:416
Title:	IE v6.0,SP1 Script URLs Cross Domain Zone Restrictions Bypass
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0816	Version:	4
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 1 is installed AND the version of mshtml.dll is less than 6.0.2800.1276 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:459

Oval ID:	oval:org.mitre.oval:def:459
Title:	IE v6.0,SP1 (Server 2003) Script URLs Cross Domain Zone Restrictions Bypass
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0816	Version:	5
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 for Windows Server 2003 is installed AND the version of mshtml.dll is less than 6.0.3790.94 AND NOT the patch q824145 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:472

Oval ID:	oval:org.mitre.oval:def:472
Title:	IE v6.0 (XP) Function Pointer Override Cross Domain Vulnerability
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0815	Version:	4
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2734.1600 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:479

Oval ID:	oval:org.mitre.oval:def:479
Title:	IE v6.0 (XP) Script URLs Cross Domain Zone Restrictions Bypass
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0816	Version:	4
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2734.1600 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:508

Oval ID:	oval:org.mitre.oval:def:508
Title:	IE v5.01,SP2 Zone Restrictions Bypass via XML Vulnerability
Description:	Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0817	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.0.3523.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:520

Oval ID:	oval:org.mitre.oval:def:520
Title:	IE v5.01,SP3 Zone Restrictions Bypass via XML Vulnerability
Description:	Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0817	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 3 is installed AND the version of mshtml.dll is less than 5.0.3523.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:543

Oval ID:	oval:org.mitre.oval:def:543
Title:	IE v6.0 (XP) Zone Restrictions Bypass via XML Vulnerability
Description:	Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0817	Version:	4
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2734.1600 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:548

Oval ID:	oval:org.mitre.oval:def:548
Title:	IE v5.01,SP4 Zone Restrictions Bypass via XML Vulnerability
Description:	Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0817	Version:	4
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.01 Service Pack 4 is installed AND the version of mshtml.dll is less than 5.0.3810.1700 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:549

Oval ID:	oval:org.mitre.oval:def:549
Title:	IE v5.5,SP2 Zone Restrictions Bypass via XML Vulnerability
Description:	Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0817	Version:	3
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 5.5 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.50.4934.1600 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:556

Oval ID:	oval:org.mitre.oval:def:556
Title:	IE v6.0,SP1 Zone Restrictions Bypass via XML Vulnerability
Description:	Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0817	Version:	4
Platform(s):	Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 1 is installed AND the version of mshtml.dll is less than 6.0.2800.1276 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:566

Oval ID:	oval:org.mitre.oval:def:566
Title:	IE v6.0,SP1 (Server 2003) Zone Restrictions Bypass via XML Vulnerability
Description:	Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0817	Version:	5
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 for Windows Server 2003 is installed AND the version of mshtml.dll is less than 6.0.3790.94 AND NOT the patch q824145 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:588

Oval ID:	oval:org.mitre.oval:def:588
Title:	IE v6.0,SP1 (Server 2003) HijackClick Vulnerability
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0823	Version:	5
Platform(s):	Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 for Windows Server 2003 is installed AND the version of mshtml.dll is less than 6.0.3790.94 AND NOT the patch q824145 is installed (Hotfix key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

Definition Id: oval:org.mitre.oval:def:733

Oval ID:	oval:org.mitre.oval:def:733
Title:	IE v6.0 (XP) HijackClick Vulnerability
Description:	Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0823	Version:	4
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2734.1600 AND NOT the patch q824145 is installed (Installed Components key) AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Ie cpe:2.3:a:microsoft:ie:6.0:sp1::::::	1
Application	Microsoft Internet Explorer cpe:2.3:a:microsoft:internet_explorer:6.0:::::::* cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:::::: cpe:2.3:a:microsoft:internet_explorer:5.5:::::::* cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:::::: cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:::::: cpe:2.3:a:microsoft:internet_explorer:5.0.1:::::::* cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:::::: cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1::::::	8

OpenVAS Exploits

Date	Description
2005-11-03	Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
15219	Microsoft IE XML Object Arbitrary File Access
7893	Microsoft IE window.open file: Security Bypass (WsOpenFileJPU)
7892	Microsoft IE href Javascript Arbitrary Command Execution (BodyRefreshLoadsJPU)
7889	Microsoft IE createTextRange Security Bypass (LinKiller) Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user accesses a malicious web site, which hijacks the 'document.body.createTextRange' method and may disclose arbitrary file information resulting in a loss of confidentiality.
7888	Microsoft IE createRange FIND Dialog Security Bypass (Findeath)
3099	Microsoft IE _search Window Execute Code (WsBASEjpu) Microsoft Internet Explorer allows a remote attacker to gain sensitive information about a vulnerable system. Due to a flaw in the _search window, an attacker can bypass authentication and use the file protocol to gain information or execute arbitrary code.
3098	Microsoft IE history.back NAF Function Execute Script (NAFjpuInHistory) Microsoft Internet Explorer allows a remote attacker to obtain sensitive information about other Web sites or execute arbitrary JavaScript. The issue is due to a vulnerability in the history.back and NavigateAndFind function.
3097	Microsoft IE window.open Function Execute Code (WsFakeSrc) Microsoft Internet Explorer allows a remote attacker to obtain sensitive information from a remote system or execute arbitrary code. The issue is due to a flaw in the window.open function and the permissions it honors between windows. A remote attacker could create a malicious HTML document that would use this function to obtain sensitive information and execute arbitrary JavaScript in the security context of the web page being viewed..
3096	Microsoft IE NavigateAndFind Function Execute Code (NAFfileJPU) Microsoft Internet Explorer allows a remote attacker to obtain sensitive information from a remote machine. The issue is due to a flaw in the NavigateAndFind function and how it operates with the file protocol. An attacker can create a custom HTML document using this function to obtain sensitive information about the system, or execute arbitrary code in a different window.
3094	Microsoft IE window.moveBy Cursor Hijack (HijackClick) Microsoft Internet Explorer allows a remote attacker to save a file to a target location on the victim's system, without a confirmation dialog box. The issue is due to inproper validation of specific Dynamic HTML (DHTML) functions that control mouse and window movement. If an attacker creates a specially crafted URL link, it can be configured to download and save an arbitrary file on the victim system without any warning or confirmation.

Snort® IPS/IDS

Date	Description
2014-01-10	Microsoft Internet Explorer RAV Online Scanner ActiveX object access RuleID : 4188 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10	Symantec RuFSI registry Information Class ActiveX object access RuleID : 4174 - Revision : 14 - Type : BROWSER-PLUGINS

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-01-19 21:29:50	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	35
CPE ID(s)	9
osvdb(s)	10
Openvas Exploit(s)	1
Snort® Rule(s)	2

	Related
7.5	CVE-2003-0823
7.5	CVE-2003-0817
7.5	CVE-2003-0816
7.5	CVE-2003-0815
7.5	CVE-2003-0814
6.8	VU#923508
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.1630s

Facebook rss twitter linkedin mail