Executive Summary

Informations
Name CVE-2002-1254 First vendor Publication 2002-12-11
Vendor Cve Last vendor Modification 2021-07-23

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1254

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:388
 
Oval ID: oval:org.mitre.oval:def:388
Title: IE v6.0 Cross Domain Verification via Cached Methods Vulnerability
Description: Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
Family: windows Class: vulnerability
Reference(s): CVE-2002-1254
 Version: 4
Platform(s): Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:408
 
Oval ID: oval:org.mitre.oval:def:408
Title: IE v5.5 Cross Domain Verification via Cached Methods Vulnerability
Description: Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
Family: windows Class: vulnerability
Reference(s): CVE-2002-1254
 Version: 3
Platform(s): Microsoft Windows 2000
 Product(s): Microsoft Internet Explorer
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 4

Open Source Vulnerability Database (OSVDB)

Id Description
2986 Microsoft IE clipboardData Object Caching Cross-domain Policy Bypass

Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer.
2985 Microsoft IE execCommand Object Caching

Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer.
2984 Microsoft IE getElementsByTagName Object Caching

Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer.
2983 Microsoft IE getElementsByName Object Caching

Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer.
2982 Microsoft IE getElementById Object Caching

Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer.
2981 Microsoft IE elementFromPoint Object Caching

Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer.
2980 Microsoft IE createRange Object Caching

Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer.
2979 Microsoft IE external Object Caching

Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer.
2978 Microsoft IE showModalDialog Object Caching

Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer.

Snort® IPS/IDS

Date Description
2017-08-10 Microsoft Internet Explorer cross-domain violation via cached object attempt
RuleID : 43515 - Revision : 1 - Type : BROWSER-IE
2014-01-10 Microsoft Windows DirectX Files Viewer ActiveX object access
RuleID : 4179 - Revision : 12 - Type : BROWSER-PLUGINS

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/6028
BUGTRAQ http://marc.info/?l=bugtraq&m=103530131201191&w=2
CIAC http://www.ciac.org/ciac/bulletins/n-018.shtml
MISC http://security.greymagic.com/adv/gm012-ie/
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02...
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
XF http://www.iss.net/security_center/static/10435.php
http://www.iss.net/security_center/static/10436.php
http://www.iss.net/security_center/static/10437.php
http://www.iss.net/security_center/static/10438.php
http://www.iss.net/security_center/static/10439.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/10432

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2021-07-27 00:24:38
  • Multiple Updates
2021-07-24 01:44:15
  • Multiple Updates
2021-07-24 01:01:25
  • Multiple Updates
2021-07-23 17:24:42
  • Multiple Updates
2021-05-04 12:01:47
  • Multiple Updates
2021-04-22 01:01:54
  • Multiple Updates
2020-05-23 00:15:07
  • Multiple Updates
2018-10-13 00:22:26
  • Multiple Updates
2017-10-11 09:23:15
  • Multiple Updates
2017-07-11 12:01:11
  • Multiple Updates
2016-10-18 12:01:04
  • Multiple Updates
2016-04-26 12:16:57
  • Multiple Updates
2013-05-11 12:12:16
  • Multiple Updates