Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0116

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0116
Last Modified 05 Sep 2008 04:33:31
Published 12 May 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0116

Summary

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."

Vulnerable Systems

Application

  • Microsoft Ie 5.0.1

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


References

CERT-VN - VU#244729

BID - 6306

MS - MS03-015

BUGTRAQ - 20021203 Poisonous Style for Dialog window turns the zone off.


Last Updated: 27 May 2016 10:37:48