ID CVE-2003-0447
Summary The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 23-07-2021 - 12:55)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)
fulldisc 20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)
misc http://security.greymagic.com/adv/gm014-ie/
ntbugtraq 20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)
Last major update 23-07-2021 - 12:55
Published 24-07-2003 - 04:00
Last modified 23-07-2021 - 12:55
Back to Top