CVE-2002-0027

Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.osvdb.org/3031
http://www.securityfocus.com/archive/1/246522	Vendor Advisory
http://www.securityfocus.com/bid/3721	Exploit Patch Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A974

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*

History

No history.

Information

Published : 2002-03-08 05:00

Updated : 2024-02-28 10:24

NVD link : CVE-2002-0027

Mitre link : CVE-2002-0027

CVE.ORG link : CVE-2002-0027

JSON object : View

Products Affected

microsoft

internet_explorer

CWE

NVD-CWE-Other

{"id": "CVE-2002-0027", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-03-08T05:00:00.000", "references": [{"url": "http://www.osvdb.org/3031", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/246522", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3721", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A974", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the \"Frame Domain Verification\" vulnerability described in MS:MS01-058/CAN-2001-0874."}, {"lang": "es", "value": "Internet Explorer 5.5 y 6.0 permite a atacantes remotos leer ciertos ficheros y falsificar la URL en la barra de direcciones usando la funci\u00f3n document.open() para pasar informaci\u00f3n entre dos marcos de distintos dominios. Es una nueva variante de la vulnerabilidad \"Verificaci\u00f3n de dominio de marco\", descrita en Microsoft Security Bulletin MS01-058 / CAN-2001-0847."}], "lastModified": "2021-07-23T12:55:03.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}