Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2003-0816
Last Modified 10 Sep 2008 03:20:33
Published 03 Feb 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0816

Summary

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.

Vulnerable Systems

Application

  • Microsoft IE 5.0.1
  • Microsoft IE 5.5
  • Microsoft IE 6.0


References

CERT-VN - VU#652452

CERT-VN - VU#771604

MS - MS03-048

BUGTRAQ - 20030911 LiuDieYu's missing files are here.

MISC - http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM

MISC - http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm

MISC - http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM

MISC - http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM

MISC - http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM

MISC - http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM

MISC - http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM

MISC - http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM

MISC - http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm

BUGTRAQ - 20030910 MSIE->NAFfileJPU

BUGTRAQ - 20030910 MSIE->WsOpenJpuInHistory

SECTRACK - 1007687

SECUNIA - 10192

BUGTRAQ - 20030910 MSIE->BackMyParent2:Multi-Thread version

BUGTRAQ - 20030910 MSIE->WsBASEjpu

BUGTRAQ - 20030910 MSIE->WsOpenFileJPU

BUGTRAQ - 20030910 MSIE->WsFakeSrc

BUGTRAQ - 20030910 MSIE->NAFjpuInHistory

BUGTRAQ - 20030910 MSIE->RefBack


Last Updated: 27 May 2016 10:38:04