Executive Summary
Informations | |||
---|---|---|---|
Name | MS02-066 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cumulative Patch for Internet Explorer (Q328970) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:225 | |||
Oval ID: | oval:org.mitre.oval:def:225 | ||
Title: | IE v5.5 Frames Cross-site Scripting Vulnerability | ||
Description: | Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-1187 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:333 | |||
Oval ID: | oval:org.mitre.oval:def:333 | ||
Title: | IE v5.5 Domain Restriction Bypass Cross-Frame Scripting | ||
Description: | Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-1217 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:495 | |||
Oval ID: | oval:org.mitre.oval:def:495 | ||
Title: | IE v5.5 Encoded Characters Information Disclosure Vulnerability | ||
Description: | Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-1186 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:542 | |||
Oval ID: | oval:org.mitre.oval:def:542 | ||
Title: | IE v5.5 Malformed PNG Image File Failure Vulnerability | ||
Description: | Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-1185 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:690 | |||
Oval ID: | oval:org.mitre.oval:def:690 | ||
Title: | IE v5.5 Temporary Internet Files folders Name Reading Vulnerability | ||
Description: | Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-1188 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
15224 | Microsoft IE External Caching Security Failure Arbitrary File Access Internet Explorer contains a flaw that may allow a malicious user to access arbitrary files. The issue is due to incomplete security checks on IE external caching, which allows remote attackers to access files on a user's system, resulting in a loss of confidentiality. |
7846 | Microsoft IE PNG Invalid Length Code DoS |
7845 | Microsoft IE Encoded URL Information Disclosure Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when a user clicks a maliciously crafted link, which will disclose information exchanged between the user and a third party web site resulting in a loss of confidentiality. |
7844 | Microsoft IE Object Tag Temporary File Information Disclosure |
2998 | Microsoft IE Frame Javascript URL Cross-Domain Script Execution Microsoft Internet Explorer allows a remote attacker to execute arbitrary JavaScript on any HTML document that uses <frame> or <iframe> elements. The script excuted is done in the securty context of the currently loaded site. This would allow attackers to steal cookies, read local files or execute programs. |
2997 | Microsoft IE oIFrameElement.Document IFRAME Bypass Microsoft Internet Explorer allow a remote attacker to execute malicious JavaScript in restricted domains by using an oIFrameElement.Document object to bypass security domain restrictions. This flaw is due to WebBrowser control not properly filtering input and bypassing <frame> and <iframe> domain restrictions. |
2986 | Microsoft IE clipboardData Object Caching Cross-domain Policy Bypass Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2985 | Microsoft IE execCommand Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2984 | Microsoft IE getElementsByTagName Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2983 | Microsoft IE getElementsByName Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2982 | Microsoft IE getElementById Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2981 | Microsoft IE elementFromPoint Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2980 | Microsoft IE createRange Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2979 | Microsoft IE external Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
2978 | Microsoft IE showModalDialog Object Caching Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute malicious JavaScript in restricted domains. The issue is caused when two windows communicate and the security checks that ensure both pages are in the same security zone/domain wrongly assume that certain cached objects are only called through their respective window. This incorrect assumption allows the remote attacker to provide interoperability between seperate documents. This would allow the attacker to gain access site content, steal cookies, read files from the local machine or execute program's on the victim computer. |
Snort® IPS/IDS
Date | Description |
---|---|
2017-09-28 | Microsoft Internet Explorer information disclosure attempt RuleID : 44185 - Revision : 2 - Type : BROWSER-IE |
2017-09-28 | Microsoft Internet Explorer information disclosure attempt RuleID : 44184 - Revision : 2 - Type : BROWSER-IE |
2017-08-10 | Microsoft Internet Explorer cross-domain violation via cached object attempt RuleID : 43515 - Revision : 1 - Type : BROWSER-IE |
2014-01-10 | Microsoft Windows DirectX Files Viewer ActiveX object access RuleID : 4179 - Revision : 12 - Type : BROWSER-PLUGINS |
Alert History
Date | Informations |
---|---|
2014-01-19 21:29:48 |
|