Vulnerability Name: | CCN-17051 | ||||||
Published: | 2004-08-19 | ||||||
Updated: | 2004-08-19 | ||||||
Summary: | Microsoft Windows could allow a remote attacker to bypass zone restrictions and execute script in a victim's Intranet zone. By creating a malicious mhtml file containing a specially-crafted Content-Location header, a remote attacker could cause script to be executed in the Intranet zone instead of the Local Computer zone, once the file is opened. An attacker could exploit this vulnerability by hosting the malicious file on a Web site or by sending it to a victim in an email. | ||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||
CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
| ||||||
Vulnerability Consequences: | Bypass Security | ||||||
References: | Source: CCN Type: Full-Disclosure Mailing List, Thu Aug 19 2004 - 10:35:19 CDT Microsoft Windows XP SP2 Source: CCN Type: BID-10979 Microsoft Internet Explorer MHTML Content-Location Cross Security Domain Scripting Vulnerability Source: XF Type: UNKNOWN winxp-contentlocation-restriction-bypass(17051) | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |