CVE-2002-0027

{"id": "CVE-2002-0027", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-03-08T05:00:00.000", "references": [{"url": "http://www.osvdb.org/3031", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/246522", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3721", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A974", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/3031", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/246522", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/3721", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A974", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the \"Frame Domain Verification\" vulnerability described in MS:MS01-058/CAN-2001-0874."}, {"lang": "es", "value": "Internet Explorer 5.5 y 6.0 permite a atacantes remotos leer ciertos ficheros y falsificar la URL en la barra de direcciones usando la funci\u00f3n document.open() para pasar informaci\u00f3n entre dos marcos de distintos dominios. Es una nueva variante de la vulnerabilidad \"Verificaci\u00f3n de dominio de marco\", descrita en Microsoft Security Bulletin MS01-058 / CAN-2001-0847."}], "lastModified": "2024-11-20T23:38:07.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}