Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2003-0816

Published: 03/02/2004 Updated: 23/07/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Internet Explorer

Vulnerability Summary

Internet Explorer 6 SP1 and previous versions allows remote malicious users to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft internet explorer 5.0.1

microsoft internet explorer 5.5

microsoft internet explorer 6.0

microsoft ie 6.0

Exploits

Exploit DB: Microsoft Internet Explorer 6 - Script Execution
source: wwwsecurityfocuscom/bid/8577/info Multiple issues have been reported in Microsoft Internet Explorer Though these issues have been reported by a reliable source, communication issues have presented difficulty in obtaining details surrounding the reported issues This vulnerability entry will be updated when additional information ...
Exploit DB: Microsoft Internet Explorer 5 - window.open Search Pane Cross-Zone Scripting
source: wwwsecurityfocuscom/bid/9798/info A vulnerability has been reported in Microsoft Internet Explorer that could enable unauthorized access by malicious scripts and Active Content to document properties across different Security Zones and foreign domains This issue is exposed when search panes are opened via the windowopen method ...

References

NVD-CWE-Otherhttp://www.kb.cert.org/vuls/id/652452http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htmhttp://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTMhttp://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTMhttp://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTMhttp://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTMhttp://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTMhttp://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTMhttp://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htmhttp://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTMhttp://www.securityfocus.com/archive/1/337086http://www.kb.cert.org/vuls/id/771604http://www.securityfocus.com/archive/1/336937http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.htmlhttp://securitytracker.com/id?1007687http://secunia.com/advisories/10192http://marc.info/?l=bugtraq&m=106321882821788&w=2http://marc.info/?l=bugtraq&m=106322240132721&w=2http://marc.info/?l=bugtraq&m=106322063729496&w=2http://marc.info/?l=bugtraq&m=106321781819727&w=2http://marc.info/?l=bugtraq&m=106321638416884&w=2http://marc.info/?l=bugtraq&m=106321693517858&w=2https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048https://nvd.nist.govhttps://www.exploit-db.com/exploits/23131/https://www.kb.cert.org/vuls/id/652452
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991CVE-2024-32674path traversalCVE-2023-21987denial of servicedosCVE-2024-4647CVE-2024-25519CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook