CVE-2002-1217

Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.

Published: Oct 28, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1217
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_explorer	5.5-sp2	5.5-sp2.x
microsoft / internet_explorer	5.5	5.5.x
microsoft / internet_explorer	5.5-sp1	5.5-sp1.x
microsoft / internet_explorer	6.0	6.0.x

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0024.html
http://marc.info/?l=bugtraq&m=103470310417576&w=2
http://marc.info/?l=ntbugtraq&m=103470202010570&w=2
http://security.greymagic.com/adv/gm011-ie/
http://www.ciac.org/ciac/bulletins/n-018.shtml
http://www.iss.net/security_center/static/10371.php
http://www.securityfocus.com/bid/5963
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A272
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A333

Vulnerability Database

289,599

CVE-2002-1217