Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0447

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2003-0447
Last Modified 10 Sep 2008 03:19:02
Published 24 Jul 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2003-0447

Summary

The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated.

Vulnerable Systems

Application

  • Microsoft Ie 5.01

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


References

MISC - http://security.greymagic.com/adv/gm014-ie/

NTBUGTRAQ - 20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)


Last Updated: 27 May 2016 10:37:55