Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:462451
HistorySep 27, 2002 - 12:00 a.m.

Microsoft Internet Explorer allows read access to local files via incorrect VBScript handling

2002-09-2700:00:00
www.kb.cert.org
21

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.143

Percentile

95.7%

JSON

Overview

A vulnerability in the cross-domain frame security model of Internet Explorer may allow remote attackers to view the contents of local files when a user views a malicious web page.

Description

There’s a vulnerability in the cross-domain frame security model of Internet Explorer that may allow malicious script to access the content in other frames. Internet Explorer versions 5.01, 5.5 and 6.0 have this vulnerability. By loading the contents of a local file into another frame, a malicious web page author may be able to view the contents of the file.

Impact

The contents of local files may be exposed to a malicious web page author when a user views the web page in Internet Explorer. The vulnerability may also allow the malicious web page author to view subsequent pages opened by the user.

Solution

Apply a Patch

Microsoft has published patches correcting this vulnerability. The patches are listed in their advisory at:

<http://www.microsoft.com/technet/security/bulletin/MS02-009.asp&gt;

Vendor Information

462451

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Updated: July 16, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft has published a security bulletin describing this vulnerability at:

<http://www.microsoft.com/technet/security/bulletin/MS02-009.asp&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23462451 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Zentai Peter Aron of Ivy Hungary Ltd for discovering this vulnerability.

This document was written by Cory F. Cohen.

Other Information

CVE IDs: CVE-2002-0052
Severity Metric: 3.38 Date Public:

Related

openvas 2
cve 1
nvd 1
nessus 1
cvelist 1
openvas
openvas
IE VBScript Handling patch (Q318089)
2005-11-03 00:00:00
IE VBScript Handling patch (Q318089)
2005-11-03 00:00:00
cve
cve
CVE-2002-0052
2002-06-25 04:00:00
nvd
nvd
CVE-2002-0052
2002-03-08 05:00:00
nessus
nessus
MS02-009: IE VBScript Handling patch (318089)
2002-03-27 00:00:00
cvelist
cvelist
CVE-2002-0052
2002-06-25 04:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.143

Percentile

95.7%

JSON
Related for VU:462451
openvas2cve1nvd1nessus1cvelist1