Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0266


Vulnerability Score 2.6 2.6
CVE Id CVE-2000-0266
Last Modified 10 Sep 2008 03:03:47
Published 18 Apr 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE



Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.

Vulnerable Systems


  • Microsoft Ie 5.0

  • Microsoft Ie 5.01


BID - 1121

BUGTRAQ - 20000418 IE 5 security vulnerablity - circumventing Cross-frame security policy using Java/JavaScript (and disabling Active Scripting is not that easy)

Last Updated: 27 May 2016 10:35:38