CVE-2003-0814 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2003-0814
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2003-0814

Description: Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.

CVE Status: Candidate

References: ST 1007687 SAID Secunia Advisory: SA10192 OVAL http://oval.mitre.org/oval/definitions/data/oval349.html http://oval.mitre.org/oval/definitions/data/oval392.html http://oval.mitre.org/oval/definitions/data/oval344.html http://oval.mitre.org/oval/definitions/data/oval343.html http://oval.mitre.org/oval/definitions/data/oval335.html http://oval.mitre.org/oval/definitions/data/oval341.html http://oval.mitre.org/oval/definitions/data/oval342.html MS http://www.microsoft.com/technet/security/bulletin/ms03-048.asp MISC http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm CERT-VN 326412 BUGTRAQ http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html http://www.securityfocus.com/archive/1/337086

Return to the previous page.