Vulnerabilities > CVE-2002-1187 - Unspecified vulnerability in Microsoft Internet Explorer

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
microsoft
exploit available

Summary

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.

Exploit-Db

descriptionMS IE 5 IFrame/Frame Cross-Site/Zone Script Execution Vulnerability. CVE-2002-1187. Remote exploit for windows platform
idEDB-ID:21777
last seen2016-02-02
modified2002-09-09
published2002-09-09
reporterGreyMagic Software
sourcehttps://www.exploit-db.com/download/21777/
titleMicrosoft Internet Explorer 5 IFrame/Frame Cross-Site/Zone Script Execution Vulnerability

Oval

  • accepted2014-02-24T04:00:26.679-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameChristine Walzer
      organizationThe MITRE Corporation
    • nameMaria Mikhno
      organizationALTX-SOFT
    description element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.
    familywindows
    idoval:org.mitre.oval:def:203
    statusaccepted
    submitted2004-01-27T05:00:00.000-04:00
    titleIE v6.0 Frames Cross-site Scripting Vulnerability
    version67
  • accepted2014-02-24T04:03:11.752-05:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameMaria Mikhno
      organizationALTX-SOFT
    description element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.
    familywindows
    idoval:org.mitre.oval:def:225
    statusaccepted
    submitted2004-01-27T12:00:00.000-04:00
    titleIE v5.5 Frames Cross-site Scripting Vulnerability
    version66