CVE-2003-0447 Information

Description

The Custom HTTP Errors capability in Internet Explorer 5.01 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a \javascript:\ link to be generated.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005763.html http://marc.info/?l=bugtraq&m=105585933614773&w=2 http://marc.info/?l=ntbugtraq&m=105585142406147&w=2 http://security.greymagic.com/adv/gm014-ie/