Vulnerabilities > CVE-2003-1328 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 |
Exploit-Db
description | Microsoft Internet Explorer 5 ShowHelp Arbitrary Command Execution Vulnerability. CVE-2003-1328. Remote exploit for windows platform |
id | EDB-ID:22226 |
last seen | 2016-02-02 |
modified | 2003-02-05 |
published | 2003-02-05 |
reporter | Andreas Sandblad |
source | https://www.exploit-db.com/download/22226/ |
title | Microsoft Internet Explorer 5 ShowHelp Arbitrary Command Execution Vulnerability |
Oval
accepted | 2014-02-24T04:03:23.759-05:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
description | The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality." | ||||||||||||
family | windows | ||||||||||||
id | oval:org.mitre.oval:def:57 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2003-11-12T05:00:00.000-04:00 | ||||||||||||
title | Improper Cross Domain Security Validation with ShowHelp Functionality | ||||||||||||
version | 66 |
References
- http://www.iss.net/security_center/static/11259.php
- http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html
- http://www.kb.cert.org/vuls/id/400577
- http://www.ciac.org/ciac/bulletins/n-038.shtml
- http://www.securityfocus.com/bid/6780
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004