Vulnerabilities > CVE-2003-1326 - Unspecified vulnerability in Microsoft IE and Internet Explorer

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
NVD
Published: 2003-02-19
Updated: 2021-07-23

Summary

Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."

Vulnerable Configurations

Part Description Count
Application
Microsoft
9

Oval

  • accepted2014-02-24T04:00:11.754-05:00
    classvulnerability
    contributors
    • nameAndrew Buttner
      organizationThe MITRE Corporation
    • nameChristine Walzer
      organizationThe MITRE Corporation
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionMicrosoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
    familywindows
    idoval:org.mitre.oval:def:126
    statusaccepted
    submitted2004-01-27T05:00:00.000-04:00
    titleIE v6.0 Improper Cross Domain Security Validation with Dialog Box
    version66
  • accepted2014-02-24T04:00:23.739-05:00
    classvulnerability
    contributors
    • nameAndrew Buttner
      organizationThe MITRE Corporation
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionMicrosoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
    familywindows
    idoval:org.mitre.oval:def:178
    statusaccepted
    submitted2004-01-27T12:00:00.000-04:00
    titleIE v5.5 Improper Cross Domain Security Validation with Dialog Box
    version66
  • accepted2014-02-24T04:03:20.061-05:00
    classvulnerability
    contributors
    • nameDavid Proulx
      organizationThe MITRE Corporation
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionMicrosoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
    familywindows
    idoval:org.mitre.oval:def:49
    statusaccepted
    submitted2003-11-12T12:00:00.000-04:00
    titleIE v5.01 Improper Cross Domain Security Validation with Dialog Box
    version66

References