Lucene search

[email protected]CVE-2004-0719

HistoryJul 27, 2004 - 4:00 a.m.

CVE-2004-0719

2004-07-2704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0719

internet explorer

frame injection

web site spoofing

security vulnerability

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.946 High

EPSS

Percentile

99.2%

JSON

Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

CPENameOperatorVersion
microsoft:iemicrosoft ieeq6.0
microsoft:internet_explorermicrosoft internet explorereq5.5
microsoft:internet_explorermicrosoft internet explorereq5.0.1
microsoft:internet_explorermicrosoft internet explorereq6.0

CPE	Name	Operator	Version
microsoft:ie	microsoft ie	eq	6.0
microsoft:internet_explorer	microsoft internet explorer	eq	5.5
microsoft:internet_explorer	microsoft internet explorer	eq	5.0.1
microsoft:internet_explorer	microsoft internet explorer	eq	6.0

References

secunia.com/advisories/11966

secunia.com/advisories/11978

secunia.com/multiple_browsers_frame_injection_vulnerability_test/

exchange.xforce.ibmcloud.com/vulnerabilities/1598

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.946 High

EPSS

Percentile

99.2%

JSON

Related for CVE-2004-0719

checkpoint_advisories1 symantec1 openvas2