Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2002-1254 | First vendor Publication | 2002-12-11 |
Vendor | Cve | Last vendor Modification | 2021-07-23 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1254 |
OVAL Definitions
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 4 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
2986 | Microsoft IE clipboardData Object Caching Cross-domain Policy Bypass Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2985 | Microsoft IE execCommand Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2984 | Microsoft IE getElementsByTagName Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2983 | Microsoft IE getElementsByName Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2982 | Microsoft IE getElementById Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2981 | Microsoft IE elementFromPoint Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2980 | Microsoft IE createRange Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2979 | Microsoft IE external Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2978 | Microsoft IE showModalDialog Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-10 | Microsoft Internet Explorer cross-domain violation via cached object attempt RuleID : 43515 - Revision : 1 - Type : BROWSER-IE |
2014-01-10 | Microsoft Windows DirectX Files Viewer ActiveX object access RuleID : 4179 - Revision : 12 - Type : BROWSER-PLUGINS |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-07-27 00:24:38 |
|
2021-07-24 01:44:15 |
|
2021-07-24 01:01:25 |
|
2021-07-23 17:24:42 |
|
2021-05-04 12:01:47 |
|
2021-04-22 01:01:54 |
|
2020-05-23 00:15:07 |
|
2018-10-13 00:22:26 |
|
2017-10-11 09:23:15 |
|
2017-07-11 12:01:11 |
|
2016-10-18 12:01:04 |
|
2016-04-26 12:16:57 |
|
2013-05-11 12:12:16 |
|