Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1410

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2001-1410
Last Modified 05 Sep 2008 04:26:29
Published 18 Aug 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1410

Summary

Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.

Vulnerable Systems

Application

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


References

CERT-VN - VU#490708

XF - ie-javascript-spoof-dialog(7313)

MISC - http://www.systemintegra.com/ie-fullscreen/

BID - 3469

BUGTRAQ - 20011021 Javascript in IE may spoof the whole screen

MISC - http://www.guninski.com/popspoof.html

MISC - http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie/

BUGTRAQ - 20030715 Internet Explorer Full-Screen mode threats

BUGTRAQ - 20030713 IE chromeless window vulnerabilities


Last Updated: 27 May 2016 10:36:40