CVE-2002-1217
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
High
0.926 High
EPSS
Percentile
99.0%
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
Affected configurations
References
archives.neohapsis.com/archives/vulnwatch/2002-q4/0024.html
marc.info/?l=bugtraq&m=103470310417576&w=2
marc.info/?l=ntbugtraq&m=103470202010570&w=2
security.greymagic.com/adv/gm011-ie/
www.ciac.org/ciac/bulletins/n-018.shtml
www.iss.net/security_center/static/10371.php
www.securityfocus.com/bid/5963
docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A272
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A333
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
High
0.926 High
EPSS
Percentile
99.0%