Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.3
CVE Id: CVE-2003-1026
Last Modified: 10 Sep 2008 12:00:00
Published: 20 Jan 2004 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2003-1026

Summary

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."

Vulnerable Systems

Application

  • Microsoft IE 5.0
  • Microsoft IE 5.0.1
  • Microsoft IE 5.5
  • Microsoft IE 6.0


References

CERT - TA04-033A

CERT-VN - VU#784102

BUGTRAQ - 20031125 BackToFramedJpu - a successor of BackToJpu attack

XF - ie-subframe-xss(13846)

MISC - http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu

MS - MS04-004

BUGTRAQ - 20031201 Comments on 5 IE vulnerabilities


Last Updated: 27 May 2016 10:38:08