ID CVE-2002-0027
Summary Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
References
Vulnerable Configurations
  • Microsoft ie 5.5
    cpe:2.3:a:microsoft:ie:5.5
  • Microsoft Internet Explorer 6.0
    cpe:2.3:a:microsoft:ie:6.0
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
oval via4
accepted 2016-02-19T10:00:00.000-04:00
class vulnerability
contributors
  • name Tiffany Bergeron
    organization The MITRE Corporation
  • name Harvey Rubinovitz
    organization The MITRE Corporation
  • name Christine Walzer
    organization The MITRE Corporation
  • name Christine Walzer
    organization The MITRE Corporation
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
comment Microsoft Internet Explorer 6 is installed
oval oval:org.mitre.oval:def:563
description Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
family windows
id oval:org.mitre.oval:def:974
status accepted
submitted 2004-04-29T04:00:00.000-04:00
title IE Frame Domain Verification Vulnerability
version 68
refmap via4
bid 3721
bugtraq 20011219 Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, Site Spoofing Bug
ms MS02-005
osvdb 3031
Last major update 05-09-2008 - 16:26
Published 08-03-2002 - 00:00
Last modified 12-10-2018 - 17:30
Back to Top