Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0027

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0027
Last Modified 05 Sep 2008 04:26:59
Published 08 Mar 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0027

Summary

Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.

Vulnerable Systems

Application

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


References

BID - 3721

MS - MS02-005

BUGTRAQ - 20011219 Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, Site Spoofing Bug

OSVDB - 3031


Last Updated: 27 May 2016 10:36:44