Vulnerabilities > CVE-2003-0814 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Oval
accepted 2014-02-24T04:03:15.131-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:335 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v5.01,SP2 ExecCommand Cross Domain Zone Restriction Bypass version 67 accepted 2014-02-24T04:03:15.395-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:341 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v5.01,SP3 ExecCommand Cross Domain Zone Restriction Bypass version 67 accepted 2014-02-24T04:03:15.460-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:342 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v5.01,SP4 ExecCommand Cross Domain Zone Restriction Bypass version 67 accepted 2014-02-24T04:03:15.531-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:343 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v5.5,SP2 ExecCommand Cross Domain Zone Restriction Bypass version 66 accepted 2014-02-24T04:03:15.587-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:344 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v6.0,SP1 ExecCommand Cross Domain Zone Restriction Bypass version 67 accepted 2014-02-24T04:03:15.657-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:349 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v6.0,SP1 (Server 2003) ExecCommand Cross Domain Zone Restriction Bypass version 68 accepted 2014-02-24T04:03:17.425-05:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:392 status accepted submitted 2003-11-12T05:00:00.000-04:00 title IE v6.0 (XP) ExecCommand Cross Domain Zone Restriction Bypass version 67
References
- http://www.kb.cert.org/vuls/id/326412
- http://www.securityfocus.com/archive/1/337086
- http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html
- http://securitytracker.com/id?1007687
- http://secunia.com/advisories/10192
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048