Lucene search

[email protected]CVE-2004-1155

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-1155

2004-12-3105:00:00

[email protected]

web.nvd.nist.gov

cve

2004

1155

internet explorer

window injection

vulnerability

web security

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

High

0.563 Medium

EPSS

Percentile

97.7%

JSON

Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the “window injection” vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.

Affected configurations

NVD

Node

microsoftieMatch5.0.1windows_2000

microsoftieMatch5.0.1windows_95

microsoftieMatch5.0.1windows_98

microsoftieMatch5.0.1windows_nt_4.0

microsoftieMatch5.2.3macintosh

microsoftieMatch6.0sp1

microsoftieMatch6.0sp2

microsoftieMatch7.0windows_xp_sp2

microsoftinternet_explorerMatch5.0.1

microsoftinternet_explorerMatch5.0.1sp1

microsoftinternet_explorerMatch5.0.1sp2

microsoftinternet_explorerMatch5.0.1sp3

microsoftinternet_explorerMatch5.0.1sp4

microsoftinternet_explorerMatch5.5

microsoftinternet_explorerMatch5.5preview

microsoftinternet_explorerMatch5.5sp1

microsoftinternet_explorerMatch5.5sp2

microsoftinternet_explorerMatch6.0

CPENameOperatorVersion
microsoft:iemicrosoft ieeq5.0.1
microsoft:iemicrosoft ieeq5.2.3
microsoft:iemicrosoft ieeq6.0
microsoft:iemicrosoft ieeq7.0
microsoft:internet_explorermicrosoft internet explorereq5.0.1
microsoft:internet_explorermicrosoft internet explorereq5.5
microsoft:internet_explorermicrosoft internet explorereq6.0

CPE	Name	Operator	Version
microsoft:ie	microsoft ie	eq	5.0.1
microsoft:ie	microsoft ie	eq	5.2.3
microsoft:ie	microsoft ie	eq	6.0
microsoft:ie	microsoft ie	eq	7.0
microsoft:internet_explorer	microsoft internet explorer	eq	5.0.1
microsoft:internet_explorer	microsoft internet explorer	eq	5.5
microsoft:internet_explorer	microsoft internet explorer	eq	6.0

References

secunia.com/advisories/13251/

secunia.com/advisories/22628

secunia.com/multiple_browsers_window_injection_vulnerability_test/

secunia.com/secunia_research/2004-13/advisory/

www.securityfocus.com/archive/1/449917/100/0/threaded

www.securityfocus.com/bid/11855

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

High

0.563 Medium

EPSS

Percentile

97.7%

JSON

Related for CVE-2004-1155

checkpoint_advisories1 cvelist1 nvd1