Vulnerabilities > CVE-2000-0028 - Unspecified vulnerability in Microsoft IE and Internet Explorer

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

high complexity

microsoft

exploit available

NVD

Published: 1999-12-23

Updated: 2022-08-17

Summary

Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft IE 4.0 Microsoft Internet Explorer 3.0.2 Microsoft Internet Explorer 3.0 Microsoft Internet Explorer 3.1 Microsoft Internet Explorer 3.2 Microsoft Internet Explorer 4.0 Microsoft Internet Explorer 4.0.1 Microsoft Internet Explorer 4.1 Microsoft Internet Explorer 4.5 Microsoft Internet Explorer 5.1 Microsoft Internet Explorer 5.0	11

Exploit-Db

description	MS IE 4/5/5.5/5.0.1 external.NavigateAndFind() Cross-Frame Vulnerability. CVE-2000-0028. Remote exploits for multiple platform
id	EDB-ID:19686
last seen	2016-02-02
modified	1999-12-22
published	1999-12-22
reporter	Georgi Guninski
source	https://www.exploit-db.com/download/19686/
title	Microsoft Internet Explorer 4/5/5.5/5.0.1 external.NavigateAndFind Cross-Frame Vulnerability

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0028