Vulnerabilities > CVE-2003-0816 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Exploit-Db
description Microsoft Internet Explorer 5 window.open Search Pane Cross-Zone Scripting Vulnerability. CVE-2003-0816. Remote exploit for windows platform id EDB-ID:23790 last seen 2016-02-02 modified 2003-09-10 published 2003-09-10 reporter Liu Die Yu source https://www.exploit-db.com/download/23790/ title Microsoft Internet Explorer 5 window.open Search Pane Cross-Zone Scripting Vulnerability description Microsoft Internet Explorer 6.0 Script Execution Vulnerabilities. CVE-2003-0816. Remote exploit for windows platform id EDB-ID:23131 last seen 2016-02-02 modified 2003-09-10 published 2003-09-10 reporter Liu Die Yu and Jelmer source https://www.exploit-db.com/download/23131/ title Microsoft Internet Explorer 6.0 Script Execution Vulnerabilities
Oval
accepted 2014-02-24T04:03:16.254-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:361 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v5.01,SP2 Script URLs Cross Domain Zone Restrictions Bypass version 67 accepted 2014-02-24T04:03:16.335-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:362 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v5.01,SP3 Script URLs Cross Domain Zone Restrictions Bypass version 67 accepted 2014-02-24T04:03:16.400-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:363 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v5.01,SP4 Script URLs Cross Domain Zone Restrictions Bypass version 67 accepted 2014-02-24T04:03:17.934-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:409 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v5.5,SP2 Script URLs Cross Domain Zone Restrictions Bypass version 66 accepted 2014-02-24T04:03:18.084-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:416 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v6.0,SP1 Script URLs Cross Domain Zone Restrictions Bypass version 67 accepted 2014-02-24T04:03:19.235-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:459 status accepted submitted 2003-11-12T12:00:00.000-04:00 title IE v6.0,SP1 (Server 2003) Script URLs Cross Domain Zone Restrictions Bypass version 68 accepted 2014-02-24T04:03:19.800-05:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. family windows id oval:org.mitre.oval:def:479 status accepted submitted 2003-11-12T05:00:00.000-04:00 title IE v6.0 (XP) Script URLs Cross Domain Zone Restrictions Bypass version 67
References
- http://www.kb.cert.org/vuls/id/652452
- http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm
- http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM
- http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM
- http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM
- http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM
- http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM
- http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM
- http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm
- http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM
- http://www.securityfocus.com/archive/1/337086
- http://www.kb.cert.org/vuls/id/771604
- http://www.securityfocus.com/archive/1/336937
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html
- http://securitytracker.com/id?1007687
- http://secunia.com/advisories/10192
- http://marc.info/?l=bugtraq&m=106321882821788&w=2
- http://marc.info/?l=bugtraq&m=106322240132721&w=2
- http://marc.info/?l=bugtraq&m=106322063729496&w=2
- http://marc.info/?l=bugtraq&m=106321781819727&w=2
- http://marc.info/?l=bugtraq&m=106321638416884&w=2
- http://marc.info/?l=bugtraq&m=106321693517858&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048