ID CVE-2002-1217
Summary Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2014-02-24T04:03:13.673-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description domain restrictions.
    family windows
    id oval:org.mitre.oval:def:272
    status accepted
    submitted 2004-01-27T05:00:00.000-04:00
    title IE v6.0 Domain Restriction Bypass Cross-Frame Scripting
    version 66
  • accepted 2014-02-24T04:03:15.073-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description domain restrictions.
    family windows
    id oval:org.mitre.oval:def:333
    status accepted
    submitted 2004-01-27T12:00:00.000-04:00
    title IE v5.5 Domain Restriction Bypass Cross-Frame Scripting
    version 65
refmap via4
bid 5963
bugtraq 20021015 Internet Explorer : The D-Day
ciac N-018
misc http://security.greymagic.com/adv/gm011-ie/
ms MS02-066
ntbugtraq 20021015 Internet Explorer : The D-Day
vulnwatch 20021015 Internet Explorer : The D-Day
xf ie-iframe-document-script-execution(10371)
vulnerable_product via4
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
Last major update 12-10-2018 - 21:32
Published 28-10-2002 - 05:00
Back to Top