Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0814

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0814
Last Modified 10 Sep 2008 03:20:33
Published 03 Feb 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0814

Summary

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.

Vulnerable Systems

Application

  • Microsoft Ie 5.0.1

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


References

CERT-VN - VU#326412

MS - MS03-048

BUGTRAQ - 20030911 LiuDieYu's missing files are here.

MISC - http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm

BUGTRAQ - 20030910 MSIE->BodyRefreshLoadsJPU:refresh is a new navigation method

SECTRACK - 1007687

SECUNIA - 10192


Last Updated: 27 May 2016 10:38:04