Executive Summary
Informations | |||
---|---|---|---|
Name | MS03-048 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cumulative Security Update for Internet Explorer (824145) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:335 | |||
Oval ID: | oval:org.mitre.oval:def:335 | ||
Title: | IE v5.01,SP2 ExecCommand Cross Domain Zone Restriction Bypass | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0814 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:341 | |||
Oval ID: | oval:org.mitre.oval:def:341 | ||
Title: | IE v5.01,SP3 ExecCommand Cross Domain Zone Restriction Bypass | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0814 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:342 | |||
Oval ID: | oval:org.mitre.oval:def:342 | ||
Title: | IE v5.01,SP4 ExecCommand Cross Domain Zone Restriction Bypass | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0814 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:343 | |||
Oval ID: | oval:org.mitre.oval:def:343 | ||
Title: | IE v5.5,SP2 ExecCommand Cross Domain Zone Restriction Bypass | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0814 | Version: | 3 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:344 | |||
Oval ID: | oval:org.mitre.oval:def:344 | ||
Title: | IE v6.0,SP1 ExecCommand Cross Domain Zone Restriction Bypass | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0814 | Version: | 4 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:349 | |||
Oval ID: | oval:org.mitre.oval:def:349 | ||
Title: | IE v6.0,SP1 (Server 2003) ExecCommand Cross Domain Zone Restriction Bypass | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0814 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:351 | |||
Oval ID: | oval:org.mitre.oval:def:351 | ||
Title: | IE v5.01,SP2 Function Pointer Override Cross Domain Vulnerability | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0815 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:352 | |||
Oval ID: | oval:org.mitre.oval:def:352 | ||
Title: | IE v5.01,SP3 Function Pointer Override Cross Domain Vulnerability | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0815 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:353 | |||
Oval ID: | oval:org.mitre.oval:def:353 | ||
Title: | IE v5.01,SP4 Function Pointer Override Cross Domain Vulnerability | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0815 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:356 | |||
Oval ID: | oval:org.mitre.oval:def:356 | ||
Title: | IE v5.5,SP2 Function Pointer Override Cross Domain Vulnerability | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0815 | Version: | 3 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:357 | |||
Oval ID: | oval:org.mitre.oval:def:357 | ||
Title: | IE v6.0,SP1 Function Pointer Override Cross Domain Vulnerability | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0815 | Version: | 4 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:359 | |||
Oval ID: | oval:org.mitre.oval:def:359 | ||
Title: | IE v6.0,SP1 (Server 2003) Function Pointer Override Cross Domain Vulnerability | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0815 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:361 | |||
Oval ID: | oval:org.mitre.oval:def:361 | ||
Title: | IE v5.01,SP2 Script URLs Cross Domain Zone Restrictions Bypass | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0816 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:362 | |||
Oval ID: | oval:org.mitre.oval:def:362 | ||
Title: | IE v5.01,SP3 Script URLs Cross Domain Zone Restrictions Bypass | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0816 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:363 | |||
Oval ID: | oval:org.mitre.oval:def:363 | ||
Title: | IE v5.01,SP4 Script URLs Cross Domain Zone Restrictions Bypass | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0816 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:368 | |||
Oval ID: | oval:org.mitre.oval:def:368 | ||
Title: | IE v5.01,SP2 HijackClick Vulnerability | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0823 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:369 | |||
Oval ID: | oval:org.mitre.oval:def:369 | ||
Title: | IE v5.01,SP3 HijackClick Vulnerability | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0823 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:370 | |||
Oval ID: | oval:org.mitre.oval:def:370 | ||
Title: | IE v5.01,SP4 HijackClick Vulnerability | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0823 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:371 | |||
Oval ID: | oval:org.mitre.oval:def:371 | ||
Title: | IE v5.5,SP2 HijackClick Vulnerability | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0823 | Version: | 3 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:372 | |||
Oval ID: | oval:org.mitre.oval:def:372 | ||
Title: | IE v6.0,SP1 HijackClick Vulnerability | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0823 | Version: | 4 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:392 | |||
Oval ID: | oval:org.mitre.oval:def:392 | ||
Title: | IE v6.0 (XP) ExecCommand Cross Domain Zone Restriction Bypass | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0814 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:409 | |||
Oval ID: | oval:org.mitre.oval:def:409 | ||
Title: | IE v5.5,SP2 Script URLs Cross Domain Zone Restrictions Bypass | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0816 | Version: | 3 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:416 | |||
Oval ID: | oval:org.mitre.oval:def:416 | ||
Title: | IE v6.0,SP1 Script URLs Cross Domain Zone Restrictions Bypass | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0816 | Version: | 4 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:459 | |||
Oval ID: | oval:org.mitre.oval:def:459 | ||
Title: | IE v6.0,SP1 (Server 2003) Script URLs Cross Domain Zone Restrictions Bypass | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0816 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:472 | |||
Oval ID: | oval:org.mitre.oval:def:472 | ||
Title: | IE v6.0 (XP) Function Pointer Override Cross Domain Vulnerability | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0815 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:479 | |||
Oval ID: | oval:org.mitre.oval:def:479 | ||
Title: | IE v6.0 (XP) Script URLs Cross Domain Zone Restrictions Bypass | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0816 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:508 | |||
Oval ID: | oval:org.mitre.oval:def:508 | ||
Title: | IE v5.01,SP2 Zone Restrictions Bypass via XML Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0817 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:520 | |||
Oval ID: | oval:org.mitre.oval:def:520 | ||
Title: | IE v5.01,SP3 Zone Restrictions Bypass via XML Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0817 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:543 | |||
Oval ID: | oval:org.mitre.oval:def:543 | ||
Title: | IE v6.0 (XP) Zone Restrictions Bypass via XML Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0817 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:548 | |||
Oval ID: | oval:org.mitre.oval:def:548 | ||
Title: | IE v5.01,SP4 Zone Restrictions Bypass via XML Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0817 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:549 | |||
Oval ID: | oval:org.mitre.oval:def:549 | ||
Title: | IE v5.5,SP2 Zone Restrictions Bypass via XML Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0817 | Version: | 3 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:556 | |||
Oval ID: | oval:org.mitre.oval:def:556 | ||
Title: | IE v6.0,SP1 Zone Restrictions Bypass via XML Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0817 | Version: | 4 |
Platform(s): | Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:566 | |||
Oval ID: | oval:org.mitre.oval:def:566 | ||
Title: | IE v6.0,SP1 (Server 2003) Zone Restrictions Bypass via XML Vulnerability | ||
Description: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0817 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:588 | |||
Oval ID: | oval:org.mitre.oval:def:588 | ||
Title: | IE v6.0,SP1 (Server 2003) HijackClick Vulnerability | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0823 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:733 | |||
Oval ID: | oval:org.mitre.oval:def:733 | ||
Title: | IE v6.0 (XP) HijackClick Vulnerability | ||
Description: | Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0823 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
15219 | Microsoft IE XML Object Arbitrary File Access |
7893 | Microsoft IE window.open file: Security Bypass (WsOpenFileJPU) |
7892 | Microsoft IE href Javascript Arbitrary Command Execution (BodyRefreshLoadsJPU) |
7889 | Microsoft IE createTextRange Security Bypass (LinKiller) Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user accesses a malicious web site, which hijacks the 'document.body.createTextRange' method and may disclose arbitrary file information resulting in a loss of confidentiality. |
7888 | Microsoft IE createRange FIND Dialog Security Bypass (Findeath) |
3099 | Microsoft IE _search Window Execute Code (WsBASEjpu) Microsoft Internet Explorer allows a remote attacker to gain sensitive information about a vulnerable system. Due to a flaw in the _search window, an attacker can bypass authentication and use the file protocol to gain information or execute arbitrary code. |
3098 | Microsoft IE history.back NAF Function Execute Script (NAFjpuInHistory) Microsoft Internet Explorer allows a remote attacker to obtain sensitive information about other Web sites or execute arbitrary JavaScript. The issue is due to a vulnerability in the history.back and NavigateAndFind function. |
3097 | Microsoft IE window.open Function Execute Code (WsFakeSrc) Microsoft Internet Explorer allows a remote attacker to obtain sensitive information from a remote system or execute arbitrary code. The issue is due to a flaw in the window.open function and the permissions it honors between windows. A remote attacker could create a malicious HTML document that would use this function to obtain sensitive information and execute arbitrary JavaScript in the security context of the web page being viewed.. |
3096 | Microsoft IE NavigateAndFind Function Execute Code (NAFfileJPU) Microsoft Internet Explorer allows a remote attacker to obtain sensitive information from a remote machine. The issue is due to a flaw in the NavigateAndFind function and how it operates with the file protocol. An attacker can create a custom HTML document using this function to obtain sensitive information about the system, or execute arbitrary code in a different window. |
3094 | Microsoft IE window.moveBy Cursor Hijack (HijackClick) Microsoft Internet Explorer allows a remote attacker to save a file to a target location on the victim's system, without a confirmation dialog box. The issue is due to inproper validation of specific Dynamic HTML (DHTML) functions that control mouse and window movement. If an attacker creates a specially crafted URL link, it can be configured to download and save an arbitrary file on the victim system without any warning or confirmation. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer RAV Online Scanner ActiveX object access RuleID : 4188 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Symantec RuFSI registry Information Class ActiveX object access RuleID : 4174 - Revision : 14 - Type : BROWSER-PLUGINS |
Alert History
Date | Informations |
---|---|
2014-01-19 21:29:50 |
|