CVE-2004-1155

Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/13251/
http://secunia.com/advisories/22628
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/	Vendor Advisory
http://secunia.com/secunia_research/2004-13/advisory/
http://www.securityfocus.com/archive/1/449917/100/0/threaded
http://www.securityfocus.com/bid/11855	Exploit Vendor Advisory
http://secunia.com/advisories/13251/
http://secunia.com/advisories/22628
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/	Vendor Advisory
http://secunia.com/secunia_research/2004-13/advisory/
http://www.securityfocus.com/archive/1/449917/100/0/threaded
http://www.securityfocus.com/bid/11855	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:ie:5.0.1::windows_2000:::::
	cpe:2.3:a:microsoft:ie:5.0.1::windows_95:::::
	cpe:2.3:a:microsoft:ie:5.0.1::windows_98:::::
	cpe:2.3:a:microsoft:ie:5.0.1::windows_nt_4.0:::::
	cpe:2.3:a:microsoft:ie:5.2.3::macintosh:::::
	cpe:2.3:a:microsoft:ie:6.0:sp1::::::
	cpe:2.3:a:microsoft:ie:6.0:sp2::::::
	cpe:2.3:a:microsoft:ie:7.0:windows_xp_sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.5:preview::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*

History

20 Nov 2024, 23:50

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/13251/ -~~	() http://secunia.com/advisories/13251/ -
References	~~() http://secunia.com/advisories/22628 -~~	() http://secunia.com/advisories/22628 -
References	~~() http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ - Vendor Advisory~~	() http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ - Vendor Advisory
References	~~() http://secunia.com/secunia_research/2004-13/advisory/ -~~	() http://secunia.com/secunia_research/2004-13/advisory/ -
References	~~() http://www.securityfocus.com/archive/1/449917/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/449917/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/11855 - Exploit, Vendor Advisory~~	() http://www.securityfocus.com/bid/11855 - Exploit, Vendor Advisory

Information

Published : 2004-12-31 05:00

Updated : 2024-11-20 23:50

NVD link : CVE-2004-1155

Mitre link : CVE-2004-1155

CVE.ORG link : CVE-2004-1155

JSON object : View

Products Affected

microsoft

ie
internet_explorer

CWE

NVD-CWE-Other

7.5 /10