SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2002-1187

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the or element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.</p><a id='hideExpand' onclick='showCVSS();' style='color:#08549c;cursor:pointer;font-size:14px;'><b style='font-size:13px' title='Only CVSSv2 is applicable for older CVE'><u>CVSS Score and Metrics </u>+</b></a><a id='hideCollapse' onclick='showCVSS();' style='color:#08549c;cursor:pointer;font-size:14px;'><b style='font-size:13px' title='Only CVSSv2 is applicable for older CVE'><u>CVSS Score and Metrics </u>-</b></a><p></p><table id='hideTable' cellspacing='3' cellpadding='0' border='0' align='left' style='color:#08549C;'><tr><td colspan='2' width='440px'><b style='font-size:13px'>CVSS V2 Severity:</b></td></tr><tr><td colspan='2' width='440px'>CVSS Score : 6.8</td></tr><tr><td colspan='2' width='440px'>Exploit Score: 8.6</td></tr><tr><td colspan='2' width='440px'>Impact Score: 6.4</td></tr><tr><td> </td></tr><tr><td colspan='2' width='440px'><b style='font-size:13px'>CVSS V2 Metrics:</b></td></tr><tr><td colspan='2' width='440px'>Access Vector: NETWORK</td></tr><tr><td colspan='2' width='440px'>Access Complexity: MEDIUM</td></tr><tr><td colspan='2' width='440px'>Authentication: NONE</td></tr><tr><td colspan='2' width='440px'>Confidentiality: PARTIAL</td></tr><tr><td colspan='2' width='440px'>Integrity: PARTIAL</td></tr><tr><td colspan='2' width='440px'>Availability: PARTIAL</td></tr><tr><td colspan='2' width='440px'> </td><td colspan='2' width='320px' align = 'left' valign = 'top'> </td></tr></table><table cellspacing='0' border='0' style='color:#08549C'><tr><td width='640px' valign='top'><b style='font-size:13px'>Reference:</b> </td></tr><tr> <td><a href="javascript: openReference('http://marc.info/?l=bugtraq&m=103158601431054&w=2')">http://marc.info/?l=bugtraq&m=103158601431054&w=2</a></td> </tr><tr> <td><a href="javascript: openReference('http://www.osvdb.org/2998')">OSVDB-2998</a></td> </tr><tr> <td><a href="javascript: openReference('http://www.securityfocus.com/bid/5672')">BID-5672</a></td> </tr><tr> <td><a href="javascript: openReference('https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066')">MS02-066</a></td> </tr><tr> <td><a href="javascript: openReference('http://www.iss.net/security_center/static/10066.php')">http://www.iss.net/security_center/static/10066.php</a></td> </tr><tr> <td><a href="javascript: openReference('https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A203')">oval:org.mitre.oval:def:203</a></td> </tr><tr> <td><a href="javascript: openReference('https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A225')">oval:org.mitre.oval:def:225</a></td> </tr></table></br> </div> </td> </tr> </table> </div> <a href="control.jsp?command=rearrange&selectedId=OVAL&relationId=CVE-2002-1187&search=CVE-2002-1187&OVALFilter=&CVEFilter=&CPEFilter=&CCEFilter=&CWEFilter=&XCCDFFilter=&OVAL-RFilter=" style="cursor:pointer;" onmouseOver="showIdsMouseOver('sub1')" onmouseOut="showIdsMouseOut('sub1')"> <div class='relation-div-small' id='sub1' style='left:45%;'> <font color="#08549C"> <table cellpadding="0" cellspacing="0" width="100%" border="0"> <tr> <td align="left"> <font color="#08549C"> <b>OVAL</b> </font> <font color="#08549C" size=3> <b>   2</b> </font> </td> </tr> </table> <div id="idDiv1" style="text-overflow:ellipsis;overflow:hidden;width:120px;" > <font size=1> oval:org.mitre.oval:def:225<br/> oval:org.mitre.oval:def:203<br/> </font> </div> </div> </a> <input id="idDivHidden1" name="idDivHidden1" type="hidden" value="oval:org.mitre.oval:def:225,oval:org.mitre.oval:def:203"> <div style="position:absolute;top:620px;left:540px;clear:both;"> <script> function footer(page){ window.open(page); } </script> <script src="/JavaScriptServlet" type="text/javascript"></script> <p style="clear:both;text-align:center;"> <center><p>© <script>document.write(new Date().getFullYear())</script> SecPod Technologies</p></center> </p> </div> </div> </body> </html>


30481



423868



255116



909



198683



282