Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0446

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2003-0446
Last Modified 10 Sep 2008 03:19:02
Published 24 Jul 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2003-0446

Summary

Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message.

Vulnerable Systems

Application

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


References

MISC - http://security.greymagic.com/adv/gm013-ie/

NTBUGTRAQ - 20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)

BUGTRAQ - 20030617 Re: [Full-Disclosure] Cross-Site Scripting in Unparsable XML Files

XF - ie-msxml-xss(12334)

BID - 7938

OSVDB - 3065

SECUNIA - 9055

BUGTRAQ - 20030617 Re: Cross-Site Scripting in Unparsable XML Files (GM#013-IE)


Last Updated: 27 May 2016 10:37:54