Vulnerabilities > CVE-2002-1217 - Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Exploit-Db
| description | MS Internet Explorer 5/6 Unauthorized Document Object Model Access Vulnerability. CVE-2002-1217. Remote exploit for windows platform |
| id | EDB-ID:21940 |
| last seen | 2016-02-02 |
| modified | 2002-10-15 |
| published | 2002-10-15 |
| reporter | GreyMagic Software |
| source | https://www.exploit-db.com/download/21940/ |
| title | Microsoft Internet Explorer 5/6 Unauthorized Document Object Model Access Vulnerability |
Oval
accepted 2014-02-24T04:03:13.673-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description domain restrictions. family windows id oval:org.mitre.oval:def:272 status accepted submitted 2004-01-27T05:00:00.000-04:00 title IE v6.0 Domain Restriction Bypass Cross-Frame Scripting version 67 accepted 2014-02-24T04:03:15.073-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description domain restrictions. family windows id oval:org.mitre.oval:def:333 status accepted submitted 2004-01-27T12:00:00.000-04:00 title IE v5.5 Domain Restriction Bypass Cross-Frame Scripting version 66
References
- http://security.greymagic.com/adv/gm011-ie/
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0024.html
- http://www.iss.net/security_center/static/10371.php
- http://www.ciac.org/ciac/bulletins/n-018.shtml
- http://www.securityfocus.com/bid/5963
- http://marc.info/?l=bugtraq&m=103470310417576&w=2
- http://marc.info/?l=ntbugtraq&m=103470202010570&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A333
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A272
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066