Vulnerabilities > CVE-2002-0027 - Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
NVD
Published: 2002-03-08
Updated: 2021-07-23

Summary

Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.

Vulnerable Configurations

Part Description Count
Application
Microsoft
2

Oval

accepted2016-02-19T10:00:00.000-04:00
classvulnerability
contributors
  • nameTiffany Bergeron
    organizationThe MITRE Corporation
  • nameHarvey Rubinovitz
    organizationThe MITRE Corporation
  • nameChristine Walzer
    organizationThe MITRE Corporation
  • nameChristine Walzer
    organizationThe MITRE Corporation
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
commentMicrosoft Internet Explorer 6 is installed
ovaloval:org.mitre.oval:def:563
descriptionInternet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
familywindows
idoval:org.mitre.oval:def:974
statusaccepted
submitted2004-04-29T04:00:00.000-04:00
titleIE Frame Domain Verification Vulnerability
version69

References