Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2002-1217 | First vendor Publication | 2002-10-28 |
| Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses and <iframe> domain restrictions. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1217 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:333 | |||
| Oval ID: | oval:org.mitre.oval:def:333 | ||
| Title: | IE v5.5 Domain Restriction Bypass Cross-Frame Scripting | ||
| Description: | Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-1217 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 4 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 2997 | Microsoft IE oIFrameElement.Document IFRAME Bypass Microsoft Internet Explorer allow a remote attacker to execute malicious JavaScript in restricted domains by using an oIFrameElement.Document object to bypass security domain restrictions. This flaw is due to WebBrowser control not properly filtering input and bypassing <frame> and <iframe> domain restrictions. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Windows DirectX Files Viewer ActiveX object access RuleID : 4179 - Revision : 12 - Type : BROWSER-PLUGINS |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:23:45 |
|
| 2024-11-28 12:05:13 |
|
| 2021-07-27 00:24:38 |
|
| 2021-07-24 01:44:15 |
|
| 2021-07-24 01:01:25 |
|
| 2021-07-23 17:24:42 |
|
| 2021-05-04 12:01:46 |
|
| 2021-04-22 01:01:54 |
|
| 2020-05-23 00:15:06 |
|
| 2018-10-13 00:22:26 |
|
| 2018-08-02 12:01:26 |
|
| 2017-10-11 09:23:15 |
|
| 2016-10-18 12:01:04 |
|
| 2016-04-26 12:16:41 |
|
| 2013-05-11 12:12:07 |
|
