Vulnerability CVE-2001-0246

Vulnerability Name:

CVE-2001-0246 (CCN-6748)

Assigned:

2001-05-16

Published:

2001-05-16

Updated:

2021-07-23

Summary:

Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2001-0246

Source: MITRE
Type: CNA
CVE-2001-0332

Source: CCN
Type: Microsoft Security Bulletin MS00-033
Patch Available for "Frame Domain Verification", "Unauthorized Cookie Access", and "Malformed Component Attribute" Vulnerabilities

Source: CCN
Type: Microsoft Security Bulletin MS00-055
Patch Available for 'Scriptlet Rendering' Vulnerability

Source: CCN
Type: Microsoft Security Bulletin MS00-093
Patch Available for "Browser Print Template" and "File Upload via Form" Vulnerabilities

Source: CCN
Type: Microsoft Security Bulletin MS01-015
IE can Divulge Location of Cached Content

Source: CCN
Type: Microsoft Security Bulletin MS01-027
Flaws in Web Server Certificate Validation Could Enable Spoofing

Source: CCN
Type: Microsoft Security Bulletin MS02-001
Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data

Source: CCN
Type: OSVDB ID: 7859
Microsoft IE Frame Domain Verification Arbitrary File Access

Source: CCN
Type: BID-1636
Microsoft Internet Explorer Navigate Function Cross Frame Access Vulnerability

Source: MS
Type: UNKNOWN
MS01-027

Source: XF
Type: UNKNOWN
ie-frame-verification-variant(6748)

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:*:*:*:*:*:*:*:* (Version <= 5.5)

Configuration CCN 1:

cpe:/a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.5:-:*:*:*:*:*:*

Denotes that component is vulnerable

BACK