CVE-2002-0027

Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.

Published: Mar 8, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0027
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_explorer	5.5	5.5.x
microsoft / internet_explorer	6.0	6.0.x

http://www.osvdb.org/3031
http://www.securityfocus.com/archive/1/246522
http://www.securityfocus.com/bid/3721
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A974

Vulnerability Database

289,599

CVE-2002-0027