Lucene search

[email protected]CVE-2003-0815

HistoryFeb 03, 2004 - 5:00 a.m.

CVE-2003-0815

2004-02-0305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0815

internet explorer

zone restrictions

remote attack

file access

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.0%

JSON

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the “Function Pointer Override Cross Domain” vulnerability.

CPENameOperatorVersion
microsoft:iemicrosoft ieeq6.0
microsoft:internet_explorermicrosoft internet explorereq5.5
microsoft:internet_explorermicrosoft internet explorereq5.0.1
microsoft:internet_explorermicrosoft internet explorereq6.0

CPE	Name	Operator	Version
microsoft:ie	microsoft ie	eq	6.0
microsoft:internet_explorer	microsoft internet explorer	eq	5.5
microsoft:internet_explorer	microsoft internet explorer	eq	5.0.1
microsoft:internet_explorer	microsoft internet explorer	eq	6.0

References

marc.info/?l=bugtraq&m=106321757619047&w=2

marc.info/?l=bugtraq&m=106322542104656&w=2

secunia.com/advisories/10192

securitytracker.com/id?1007687

www.ciac.org/ciac/bulletins/o-021.shtml

www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html

www.osvdb.org/7888

www.osvdb.org/7889

www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM

www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM

www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM

www.securityfocus.com/archive/1/337086

www.securityfocus.com/bid/9014

docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048

exchange.xforce.ibmcloud.com/vulnerabilities/13676

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.0%

JSON

Related for CVE-2003-0815

securityvulns1 openvas2