Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1254

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1254
Last Modified 10 Sep 2008 03:14:10
Published 11 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1254

Summary

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."

Vulnerable Systems

Application

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


References

BID - 6028

MS - MS02-066

XF - ie-cache-showmodaldialog-dom-access(10432)

XF - ie-cache-execcommand-dom-access(10439)

XF - ie-cache-getelementsbytagname-dom-access(10438)

XF - ie-cache-getelementsbyname-dom-access(10437)

XF - ie-cache-getelementbyid-dom-access(10436)

XF - ie-cache-elementfrompoint-dom-access(10435)

CIAC - N-018

MISC - http://security.greymagic.com/adv/gm012-ie/

BUGTRAQ - 20021022 Vulnerable cached objects in IE (9 advisories in 1)


Last Updated: 27 May 2016 10:37:15