oval:org.mitre.oval:def:333

Definition Id: oval:org.mitre.oval:def:333

Oval ID:	oval:org.mitre.oval:def:333
Title:	IE v5.5 Domain Restriction Bypass Cross-Frame Scripting
Description:	Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2002-1217	Version:	3
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Internet Explorer 5.5 Installed Internet Explorer 5.5 Installed AND Internet Explorer 5.5 Installed AND Internet Explorer 5.5 Installed AND Internet Explorer 5.5 Service Pack 2 is installed AND the version of mshtml.dll is less than 5.50.4922.900 AND NOT the patch q328970 is installed (Installed Components key) AND NOT the patch q324929 is installed (Installed Components key) AND NOT the patch q810847 is installed (Installed Components key) AND NOT the patch q813489 is installed (Installed Components key) AND NOT the patch q818529 is installed (Installed Components key) AND NOT the patch q822925 is installed (Installed Components key) AND NOT the patch q828750 is installed (Installed Components key) AND NOT the patch q824145 is installed (Installed Components key)