CVE-2002-1217
Microsoft Internet Explorer 5/6 - Unauthorized Document Object Model Access
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
Vulnerabilidad de scripts en marcos cruzados en el control WebBrowser usado en Internet Explorer 5.5 y 6.0 permite a atacantes remotos ejecutar código arbitrario, leer ficheros arbitrarios, y llevar a cabo otras actividades no autorizadas mediante código que accede a la propiedad Document, lo que evita las restricciones de dominio de frame e iframe
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2002-10-15 CVE Reserved
- 2002-10-15 First Exploit
- 2002-10-21 CVE Published
- 2024-02-29 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0024.html | Mailing List | |
| http://marc.info/?l=bugtraq&m=103470310417576&w=2 | Mailing List | |
| http://marc.info/?l=ntbugtraq&m=103470202010570&w=2 | Mailing List | |
| http://www.ciac.org/ciac/bulletins/n-018.shtml | Government Resource | |
| http://www.iss.net/security_center/static/10371.php | Vdb Entry | |
| http://www.securityfocus.com/bid/5963 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A272 | Signature | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A333 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/21940 | 2002-10-15 | |
| http://security.greymagic.com/adv/gm011-ie | 2024-08-08 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066 | 2021-07-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.5 Search vendor "Microsoft" for product "Internet Explorer" and version "5.5" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.5 Search vendor "Microsoft" for product "Internet Explorer" and version "5.5" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.5 Search vendor "Microsoft" for product "Internet Explorer" and version "5.5" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6.0 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0" | - |
Affected
| ||||||