CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
76.1%
A vulnerability exists in Microsoft Internet Explorer that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting.
Internet Explorer permits users to customize settings that enable and disable the ability of scripts to run on a web site. A vulnerability exists in Microsoft Internet Explorer, versions 5.5 up to and including SP2 and version 6, that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting.
A remote attacker can execute arbitrary script even though the user has disabled active scripting. Note that the script will still obey all zone restrictions for the domain.
Apply the patch specified in Microsoft’s Security Bulletin (MS02-005).
355971
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: September 30, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Microsoft’s Security Bulletin (MS02-005).
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23355971 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported in a Microsoft Security Bulletin.
This document was written by Jason A Rafail.
CVE IDs: | CVE-2002-0026 |
---|---|
Severity Metric: | 20.88 Date Public: |