CVE-2003-0814
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
| Software | From | Fixed in |
|---|---|---|
| microsoft / ie | 6.0-sp1 | 6.0-sp1.x |
| microsoft / internet_explorer | 5.5-sp2 | 5.5-sp2.x |
| microsoft / internet_explorer | 5.0.1 | 5.0.1.x |
| microsoft / internet_explorer | 5.0.1-sp2 | 5.0.1-sp2.x |
| microsoft / internet_explorer | 5.0.1-sp3 | 5.0.1-sp3.x |
| microsoft / internet_explorer | 5.0.1-sp1 | 5.0.1-sp1.x |
| microsoft / internet_explorer | 5.5 | 5.5.x |
| microsoft / internet_explorer | 5.5-sp1 | 5.5-sp1.x |
| microsoft / internet_explorer | 6.0 | 6.0.x |
- http://secunia.com/advisories/10192
- http://securitytracker.com/id?1007687
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html
- http://www.kb.cert.org/vuls/id/326412
- http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm
- http://www.securityfocus.com/archive/1/337086
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime