New Search

IE v5.5SP2 Travel Log Cross Domain Vulnerability

oval:org.mitre.oval:def:689

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame which is added to the history list and executed in the top window's zone when the history.back (back) function is called as demonstrated by BackToFramedJpu aka the "Travel Log Cross Domain Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows ME
  • Microsoft Windows 2000
  • Microsoft Windows NT
Class:
vulnerability
Reference(s):
  • CVE-2003-1026
Product(s):
  • Microsoft Internet Explorer