New Search

IE v5.01SP4 Travel Log Cross Domain Vulnerability

oval:org.mitre.oval:def:687

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame which is added to the history list and executed in the top window's zone when the history.back (back) function is called as demonstrated by BackToFramedJpu aka the "Travel Log Cross Domain Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2003-1026
Product(s):
  • Microsoft Internet Explorer