9.3

CVE-2003-1026

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftIe Version6.0 Updatesp1
MicrosoftInternet Explorer Version5.0
MicrosoftInternet Explorer Version5.0.1
MicrosoftInternet Explorer Version5.0.1 Updatesp1
MicrosoftInternet Explorer Version5.0.1 Updatesp2
MicrosoftInternet Explorer Version5.0.1 Updatesp3
MicrosoftInternet Explorer Version5.5
MicrosoftInternet Explorer Version5.5 Updatesp1
MicrosoftInternet Explorer Version5.5 Updatesp2
MicrosoftInternet Explorer Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 39.21% 0.984
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.us-cert.gov/cas/techalerts/TA04-033A.html
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004
http://marc.info/?l=bugtraq&m=106979349517578&w=2
http://marc.info/?l=bugtraq&m=107038202225587&w=2
http://www.kb.cert.org/vuls/id/784102
Third Party Advisory
US Government Resource
http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu
https://exchange.xforce.ibmcloud.com/vulnerabilities/13846
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805