ID CVE-2002-1254
Summary Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2014-02-24T04:03:17.188-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
    family windows
    id oval:org.mitre.oval:def:388
    status accepted
    submitted 2004-01-27T05:00:00.000-04:00
    title IE v6.0 Cross Domain Verification via Cached Methods Vulnerability
    version 66
  • accepted 2014-02-24T04:03:17.813-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
    family windows
    id oval:org.mitre.oval:def:408
    status accepted
    submitted 2004-01-27T12:00:00.000-04:00
    title IE v5.5 Cross Domain Verification via Cached Methods Vulnerability
    version 65
refmap via4
bid 6028
bugtraq 20021022 Vulnerable cached objects in IE (9 advisories in 1)
ciac N-018
misc http://security.greymagic.com/adv/gm012-ie/
ms MS02-066
xf
  • ie-cache-elementfrompoint-dom-access(10435)
  • ie-cache-execcommand-dom-access(10439)
  • ie-cache-getelementbyid-dom-access(10436)
  • ie-cache-getelementsbyname-dom-access(10437)
  • ie-cache-getelementsbytagname-dom-access(10438)
  • ie-cache-showmodaldialog-dom-access(10432)
Last major update 12-10-2018 - 21:32
Published 11-12-2002 - 05:00
Back to Top