Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:355971
HistoryOct 01, 2002 - 12:00 a.m.

Microsoft Internet Explorer executes scripts when scripting has been disabled after bypassing initial security checks

2002-10-0100:00:00
www.kb.cert.org
14

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.005

Percentile

76.1%

JSON

Overview

A vulnerability exists in Microsoft Internet Explorer that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting.

Description

Internet Explorer permits users to customize settings that enable and disable the ability of scripts to run on a web site. A vulnerability exists in Microsoft Internet Explorer, versions 5.5 up to and including SP2 and version 6, that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting.

Impact

A remote attacker can execute arbitrary script even though the user has disabled active scripting. Note that the script will still obey all zone restrictions for the domain.

Solution

Apply the patch specified in Microsoft’s Security Bulletin (MS02-005).

Vendor Information

355971

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Updated: September 30, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Microsoft’s Security Bulletin (MS02-005).

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23355971 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported in a Microsoft Security Bulletin.

This document was written by Jason A Rafail.

Other Information

CVE IDs: CVE-2002-0026
Severity Metric: 20.88 Date Public:

Related

nvd 1
cvelist 1
cve 1
openvas 2
nvd
nvd
CVE-2002-0026
2002-03-08 05:00:00
cvelist
cvelist
CVE-2002-0026
2002-06-25 04:00:00
cve
cve
CVE-2002-0026
2002-06-25 04:00:00
openvas
openvas
IE 5.01 5.5 6.0 Cumulative patch (890923)
2005-11-03 00:00:00
IE 5.01 5.5 6.0 Cumulative patch (890923)
2005-11-03 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.005

Percentile

76.1%

JSON
Related for VU:355971
nvd1cvelist1cve1openvas2