Vulnerabilities > CVE-2002-1254 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Exploit-Db
| description | Microsoft Internet Explorer 5/6 Cached Objects Zone Bypass Vulnerability. CVE-2002-1254. Remote exploit for windows platform |
| id | EDB-ID:21959 |
| last seen | 2016-02-02 |
| modified | 2002-10-22 |
| published | 2002-10-22 |
| reporter | GreyMagic Software |
| source | https://www.exploit-db.com/download/21959/ |
| title | Microsoft Internet Explorer 5/6 Cached Objects Zone Bypass Vulnerability |
Oval
accepted 2014-02-24T04:03:17.188-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods." family windows id oval:org.mitre.oval:def:388 status accepted submitted 2004-01-27T05:00:00.000-04:00 title IE v6.0 Cross Domain Verification via Cached Methods Vulnerability version 67 accepted 2014-02-24T04:03:17.813-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods." family windows id oval:org.mitre.oval:def:408 status accepted submitted 2004-01-27T12:00:00.000-04:00 title IE v5.5 Cross Domain Verification via Cached Methods Vulnerability version 66
References
- http://www.securityfocus.com/bid/6028
- http://security.greymagic.com/adv/gm012-ie/
- http://www.ciac.org/ciac/bulletins/n-018.shtml
- http://www.iss.net/security_center/static/10435.php
- http://www.iss.net/security_center/static/10436.php
- http://www.iss.net/security_center/static/10437.php
- http://www.iss.net/security_center/static/10438.php
- http://www.iss.net/security_center/static/10439.php
- http://marc.info/?l=bugtraq&m=103530131201191&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10432
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066