New Search

IE v6.0 Domain Restriction Bypass Cross-Frame Scripting

oval:org.mitre.oval:def:272

Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code read arbitrary files or conduct other unauthorized activities via script that accesses the Document property which bypasses <frame> and <iframe> domain restrictions.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2002-1217
Product(s):
  • Microsoft Internet Explorer