Vulnerabilities > CVE-2003-0815 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Oval
accepted 2014-02-24T04:03:15.727-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:351 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v5.01,SP2 Function Pointer Override Cross Domain Vulnerability version 67 accepted 2014-02-24T04:03:15.810-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:352 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v5.01,SP3 Function Pointer Override Cross Domain Vulnerability version 67 accepted 2014-02-24T04:03:15.902-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:353 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v5.01,SP4 Function Pointer Override Cross Domain Vulnerability version 67 accepted 2014-02-24T04:03:15.970-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:356 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v5.5,SP2 Function Pointer Override Cross Domain Vulnerability version 66 accepted 2014-02-24T04:03:16.038-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:357 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v6.0,SP1 Function Pointer Override Cross Domain Vulnerability version 67 accepted 2014-02-24T04:03:16.175-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:359 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v6.0,SP1 (Server 2003) Function Pointer Override Cross Domain Vulnerability version 68 accepted 2014-02-24T04:03:19.720-05:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:472 status accepted submitted 2003-11-12T05:00:00.000-04:00 title IE v6.0 (XP) Function Pointer Override Cross Domain Vulnerability version 67
References
- http://www.securityfocus.com/bid/9014
- http://www.securityfocus.com/archive/1/337086
- http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM
- http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM
- http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html
- http://www.ciac.org/ciac/bulletins/o-021.shtml
- http://www.osvdb.org/7888
- http://www.osvdb.org/7889
- http://securitytracker.com/id?1007687
- http://secunia.com/advisories/10192
- http://marc.info/?l=bugtraq&m=106322542104656&w=2
- http://marc.info/?l=bugtraq&m=106321757619047&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13676
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048