CVE-2003-1027
6.5 Medium
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.167 Low
EPSS
Percentile
96.0%
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the “Function Pointer Drag and Drop Vulnerability.”
References
marc.info/?l=bugtraq&m=106979479719446&w=2
marc.info/?l=bugtraq&m=107038202225587&w=2
www.kb.cert.org/vuls/id/413886
www.safecenter.net/UMBRELLAWEBV4/HijackClickV2
www.securitytracker.com/id?1006036
www.us-cert.gov/cas/techalerts/TA04-033A.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004
exchange.xforce.ibmcloud.com/vulnerabilities/13844
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629
Related
6.5 Medium
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.167 Low
EPSS
Percentile
96.0%