CVE-2003-0814 Information
Description
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window’s \href\ to the malicious Javascript then calling execCommand(\Refresh) to refresh the page aka BodyRefreshLoadsJPU or the \ExecCommand Cross Domain\ vulnerability.
Reference
http://secunia.com/advisories/10192 http://securitytracker.com/id?1007687 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html http://www.kb.cert.org/vuls/id/326412 http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm http://www.securityfocus.com/archive/1/337086 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A335 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A341 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A342 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A343 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A344 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A349 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A392
Share on: