7.5

CVE-2003-0816

EPSS 67.22%
Published 03.02.2004 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.

Affected products Warnungen 0 Metrics 2 CWE 0 References 33

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Ie Version6.0 Updatesp1

Microsoft ≫ Internet Explorer Version5.0.1

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp1

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp2

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp3

Microsoft ≫ Internet Explorer Version5.5

Microsoft ≫ Internet Explorer Version5.5 Updatesp1

Microsoft ≫ Internet Explorer Version5.5 Updatesp2

Microsoft ≫ Internet Explorer Version6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	67.22%	0.985

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/10192

http://securitytracker.com/id?1007687

http://www.securityfocus.com/archive/1/337086

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048

http://marc.info/?l=bugtraq&m=106321638416884&w=2

http://marc.info/?l=bugtraq&m=106321693517858&w=2

http://marc.info/?l=bugtraq&m=106321781819727&w=2

http://marc.info/?l=bugtraq&m=106321882821788&w=2

http://marc.info/?l=bugtraq&m=106322063729496&w=2

http://marc.info/?l=bugtraq&m=106322240132721&w=2

http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html

http://www.kb.cert.org/vuls/id/652452

Patch

Third Party Advisory

US Government Resource

http://www.kb.cert.org/vuls/id/771604

US Government Resource

http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm

http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM

http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm

http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM

http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM

http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM

http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM

http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM

http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM

http://www.securityfocus.com/archive/1/336937

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479

https://nvd.nist.gov/vuln/detail/CVE-2003-0816

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2003-0816

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2003-0816

EUVD