Vulnerabilities > CVE-2003-1328 - Unspecified vulnerability in Microsoft IE and Internet Explorer

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
exploit available
NVD
Published: 2003-02-19
Updated: 2021-07-23

Summary

The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."

Vulnerable Configurations

Part Description Count
Application
Microsoft
9

Exploit-Db

descriptionMicrosoft Internet Explorer 5 ShowHelp Arbitrary Command Execution Vulnerability. CVE-2003-1328. Remote exploit for windows platform
idEDB-ID:22226
last seen2016-02-02
modified2003-02-05
published2003-02-05
reporterAndreas Sandblad
sourcehttps://www.exploit-db.com/download/22226/
titleMicrosoft Internet Explorer 5 ShowHelp Arbitrary Command Execution Vulnerability

Oval

accepted2014-02-24T04:03:23.759-05:00
classvulnerability
contributors
  • nameDavid Proulx
    organizationThe MITRE Corporation
  • nameChristine Walzer
    organizationThe MITRE Corporation
  • nameMaria Mikhno
    organizationALTX-SOFT
descriptionThe showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
familywindows
idoval:org.mitre.oval:def:57
statusaccepted
submitted2003-11-12T05:00:00.000-04:00
titleImproper Cross Domain Security Validation with ShowHelp Functionality
version66

References