CVE-2003-1026 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2003-1026
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2003-1026

Description: Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/13846 OVAL http://oval.mitre.org/oval/definitions/data/oval805.html http://oval.mitre.org/oval/definitions/data/oval745.html http://oval.mitre.org/oval/definitions/data/oval774.html http://oval.mitre.org/oval/definitions/data/oval643.html http://oval.mitre.org/oval/definitions/data/oval687.html http://oval.mitre.org/oval/definitions/data/oval689.html http://oval.mitre.org/oval/definitions/data/oval630.html MS http://www.microsoft.com/technet/security/bulletin/ms04-004.asp MISC http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu CERT-VN 784102 CERT http://www.us-cert.gov/cas/techalerts/TA04-033A.html BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=107038202225587&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=106979349517578&w=2

Return to the previous page.