[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2003-0815Date: (C)2004-02-03   (M)2023-12-22


Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1007687
SECUNIA-10192
http://marc.info/?l=bugtraq&m=106322542104656&w=2
http://marc.info/?l=bugtraq&m=106321757619047&w=2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html
http://www.securityfocus.com/archive/1/337086
OSVDB-7888
OSVDB-7889
BID-9014
MS03-048
O-021
http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM
http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM
http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM
ie-pointer-zone-bypass(13676)
oval:org.mitre.oval:def:351
oval:org.mitre.oval:def:352
oval:org.mitre.oval:def:353
oval:org.mitre.oval:def:356
oval:org.mitre.oval:def:357
oval:org.mitre.oval:def:359
oval:org.mitre.oval:def:472

OVAL    7
oval:org.mitre.oval:def:351
oval:org.mitre.oval:def:472
oval:org.mitre.oval:def:356
oval:org.mitre.oval:def:357
...

© SecPod Technologies