ID CVE-2003-0816
Summary Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
References
Vulnerable Configurations
  • Microsoft Internet Explorer 5.0.1
    cpe:2.3:a:microsoft:ie:5.0.1
  • Microsoft Internet Explorer 5.0.1 SP1
    cpe:2.3:a:microsoft:ie:5.0.1:sp1
  • Microsoft Internet Explorer 5.0.1 SP2
    cpe:2.3:a:microsoft:ie:5.0.1:sp2
  • Microsoft Internet Explorer 5.0.1 SP3
    cpe:2.3:a:microsoft:ie:5.0.1:sp3
  • Microsoft ie 5.5
    cpe:2.3:a:microsoft:ie:5.5
  • Microsoft Internet Explorer 5.5 SP1
    cpe:2.3:a:microsoft:ie:5.5:sp1
  • Microsoft Internet Explorer 5.5 SP2
    cpe:2.3:a:microsoft:ie:5.5:sp2
  • Microsoft Internet Explorer 6.0
    cpe:2.3:a:microsoft:ie:6.0
  • cpe:2.3:a:microsoft:ie:6.0:sp1
    cpe:2.3:a:microsoft:ie:6.0:sp1
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description Microsoft Internet Explorer 6.0 Script Execution Vulnerabilities. CVE-2003-0816. Remote exploit for windows platform
    id EDB-ID:23131
    last seen 2016-02-02
    modified 2003-09-10
    published 2003-09-10
    reporter Liu Die Yu and Jelmer
    source https://www.exploit-db.com/download/23131/
    title Microsoft Internet Explorer 6.0 Script Execution Vulnerabilities
  • description Microsoft Internet Explorer 5 window.open Search Pane Cross-Zone Scripting Vulnerability. CVE-2003-0816. Remote exploit for windows platform
    id EDB-ID:23790
    last seen 2016-02-02
    modified 2003-09-10
    published 2003-09-10
    reporter Liu Die Yu
    source https://www.exploit-db.com/download/23790/
    title Microsoft Internet Explorer 5 window.open Search Pane Cross-Zone Scripting Vulnerability
oval via4
  • accepted 2014-02-24T04:03:16.254-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
    family windows
    id oval:org.mitre.oval:def:361
    status accepted
    submitted 2003-11-12T12:00:00.000-04:00
    title IE v5.01,SP2 Script URLs Cross Domain Zone Restrictions Bypass
    version 66
  • accepted 2014-02-24T04:03:16.335-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
    family windows
    id oval:org.mitre.oval:def:362
    status accepted
    submitted 2003-11-12T12:00:00.000-04:00
    title IE v5.01,SP3 Script URLs Cross Domain Zone Restrictions Bypass
    version 66
  • accepted 2014-02-24T04:03:16.400-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
    family windows
    id oval:org.mitre.oval:def:363
    status accepted
    submitted 2003-11-12T12:00:00.000-04:00
    title IE v5.01,SP4 Script URLs Cross Domain Zone Restrictions Bypass
    version 66
  • accepted 2014-02-24T04:03:17.934-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
    family windows
    id oval:org.mitre.oval:def:409
    status accepted
    submitted 2003-11-12T12:00:00.000-04:00
    title IE v5.5,SP2 Script URLs Cross Domain Zone Restrictions Bypass
    version 65
  • accepted 2014-02-24T04:03:18.084-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
    family windows
    id oval:org.mitre.oval:def:416
    status accepted
    submitted 2003-11-12T12:00:00.000-04:00
    title IE v6.0,SP1 Script URLs Cross Domain Zone Restrictions Bypass
    version 66
  • accepted 2014-02-24T04:03:19.235-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
    family windows
    id oval:org.mitre.oval:def:459
    status accepted
    submitted 2003-11-12T12:00:00.000-04:00
    title IE v6.0,SP1 (Server 2003) Script URLs Cross Domain Zone Restrictions Bypass
    version 67
  • accepted 2014-02-24T04:03:19.800-05:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
    family windows
    id oval:org.mitre.oval:def:479
    status accepted
    submitted 2003-11-12T05:00:00.000-04:00
    title IE v6.0 (XP) Script URLs Cross Domain Zone Restrictions Bypass
    version 66
refmap via4
bugtraq
  • 20030910 MSIE->BackMyParent2:Multi-Thread version
  • 20030910 MSIE->NAFfileJPU
  • 20030910 MSIE->NAFjpuInHistory
  • 20030910 MSIE->RefBack
  • 20030910 MSIE->WsBASEjpu
  • 20030910 MSIE->WsFakeSrc
  • 20030910 MSIE->WsOpenFileJPU
  • 20030910 MSIE->WsOpenJpuInHistory
  • 20030911 LiuDieYu's missing files are here.
cert-vn
  • VU#652452
  • VU#771604
misc
ms MS03-048
sectrack 1007687
secunia 10192
Last major update 17-10-2016 - 22:37
Published 03-02-2004 - 00:00
Last modified 12-10-2018 - 17:33
Back to Top