CVE-2002-1217 Information

Description

Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code read arbitrary files or conduct other unauthorized activities via script that accesses the Document property which bypasses frame and iframe domain restrictions.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0024.html http://marc.info/?l=bugtraq&m=103470310417576&w=2 http://marc.info/?l=ntbugtraq&m=103470202010570&w=2 http://security.greymagic.com/adv/gm011-ie/ http://www.ciac.org/ciac/bulletins/n-018.shtml http://www.iss.net/security_center/static/10371.php http://www.securityfocus.com/bid/5963 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A272 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A333