Vulnerabilities > CVE-2004-0727 - Unspecified vulnerability in Microsoft Internet Explorer 6.0.2800.1106
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Microsoft Internet Explorer 5.0.1 JavaScript Method Assignment Cross-Domain Scripting Vulnerability. CVE-2004-0727. Remote exploit for windows platform |
| id | EDB-ID:24265 |
| last seen | 2016-02-02 |
| modified | 2004-07-12 |
| published | 2004-07-12 |
| reporter | Paul |
| source | https://www.exploit-db.com/download/24265/ |
| title | Microsoft Internet Explorer 5.0.1 JavaScript Method Assignment Cross-Domain Scripting Vulnerability |
Oval
accepted 2014-02-24T04:03:19.508-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." family windows id oval:org.mitre.oval:def:4702 status accepted submitted 2004-10-19T07:27:00.000-04:00 title IE v5.01,SP4 Similar Method Name Redirection Cross Domain Vulnerability version 67 accepted 2014-02-24T04:03:25.399-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." family windows id oval:org.mitre.oval:def:6829 status accepted submitted 2004-10-19T07:37:00.000-04:00 title IE v6.0,SP1 Similar Method Name Redirection Cross Domain Vulnerability version 68 accepted 2014-02-24T04:03:25.745-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." family windows id oval:org.mitre.oval:def:7084 status accepted submitted 2004-10-19T07:22:00.000-04:00 title IE v5.01,SP3 Similar Method Name Redirection Cross Domain Vulnerability version 67 accepted 2014-02-24T04:03:26.407-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Andrew Simmons organization MessageLabs name Todd Dolinsky organization Hewlett-Packard name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." family windows id oval:org.mitre.oval:def:7448 status accepted submitted 2004-10-19T07:31:00.000-04:00 title IE v5.5,SP2 Similar Method Name Redirection Cross Domain Vulnerability version 69 accepted 2014-02-24T04:03:26.550-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name John Hoyland organization Centennial Software name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." family windows id oval:org.mitre.oval:def:7496 status accepted submitted 2004-10-19T07:40:00.000-04:00 title IE v6.0,SP2 for Server 2003 Similar Method Name Redirection Cross Domain Vulnerability version 67 accepted 2014-02-24T04:03:27.521-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name John Hoyland organization Centennial Software name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." family windows id oval:org.mitre.oval:def:7906 status accepted submitted 2004-10-19T04:00:00.000-04:00 title IE v6.0 Similar Method Name Redirection Cross Domain Vulnerability version 68
References
- http://freehost07.websamba.com/greyhats/similarmethodnameredir.htm
- http://www.us-cert.gov/cas/techalerts/TA04-293A.html
- http://www.kb.cert.org/vuls/id/207264
- http://secunia.com/advisories/12048
- http://marc.info/?l=bugtraq&m=108966512815373&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16681
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7906
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7496
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7448
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7084
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6829
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4702
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038