New Search

IE v6.0SP1 (Server 2003) Travel Log Cross Domain Vulnerability

oval:org.mitre.oval:def:805

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame which is added to the history list and executed in the top window's zone when the history.back (back) function is called as demonstrated by BackToFramedJpu aka the "Travel Log Cross Domain Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
  • CVE-2003-1026
Product(s):
  • Microsoft Internet Explorer