ID CVE-2004-0727
Summary Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
References
Vulnerable Configurations
  • Microsoft Internet Explorer 6.0.2800.1106
    cpe:2.3:a:microsoft:ie:6.0.2800.1106
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description Microsoft Internet Explorer 5.0.1 JavaScript Method Assignment Cross-Domain Scripting Vulnerability. CVE-2004-0727. Remote exploit for windows platform
id EDB-ID:24265
last seen 2016-02-02
modified 2004-07-12
published 2004-07-12
reporter Paul
source https://www.exploit-db.com/download/24265/
title Microsoft Internet Explorer 5.0.1 JavaScript Method Assignment Cross-Domain Scripting Vulnerability
oval via4
  • accepted 2014-02-24T04:03:19.508-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:4702
    status accepted
    submitted 2004-10-19T07:27:00.000-04:00
    title IE v5.01,SP4 Similar Method Name Redirection Cross Domain Vulnerability
    version 66
  • accepted 2014-02-24T04:03:25.399-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6829
    status accepted
    submitted 2004-10-19T07:37:00.000-04:00
    title IE v6.0,SP1 Similar Method Name Redirection Cross Domain Vulnerability
    version 67
  • accepted 2014-02-24T04:03:25.745-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:7084
    status accepted
    submitted 2004-10-19T07:22:00.000-04:00
    title IE v5.01,SP3 Similar Method Name Redirection Cross Domain Vulnerability
    version 66
  • accepted 2014-02-24T04:03:26.407-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Andrew Simmons
      organization MessageLabs
    • name Todd Dolinsky
      organization Hewlett-Packard
    • name Maria Mikhno
      organization ALTX-SOFT
    description Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:7448
    status accepted
    submitted 2004-10-19T07:31:00.000-04:00
    title IE v5.5,SP2 Similar Method Name Redirection Cross Domain Vulnerability
    version 68
  • accepted 2014-02-24T04:03:26.550-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name John Hoyland
      organization Centennial Software
    • name Maria Mikhno
      organization ALTX-SOFT
    description Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:7496
    status accepted
    submitted 2004-10-19T07:40:00.000-04:00
    title IE v6.0,SP2 for Server 2003 Similar Method Name Redirection Cross Domain Vulnerability
    version 66
  • accepted 2014-02-24T04:03:27.521-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Maria Mikhno
      organization ALTX-SOFT
    description Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
    family windows
    id oval:org.mitre.oval:def:7906
    status accepted
    submitted 2004-10-19T04:00:00.000-04:00
    title IE v6.0 Similar Method Name Redirection Cross Domain Vulnerability
    version 67
refmap via4
bugtraq 20040711 MSIE Similar Method Name Redirection Cross Site/Zone Scripting
cert TA04-293A
cert-vn VU#207264
misc http://freehost07.websamba.com/greyhats/similarmethodnameredir.htm
ms MS04-038
secunia 12048
xf ie-function-redirect-xss(16681)
Last major update 17-10-2016 - 22:48
Published 27-07-2004 - 00:00
Last modified 12-10-2018 - 17:34
Back to Top