Internet Explorer 6 SP1 and previous versions allows remote malicious users to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft internet explorer 6.0 |
||
microsoft ie 6.0 |
||
microsoft internet explorer 5.0.1 |
||
microsoft internet explorer 5.5 |