Vulnerability Name: | CVE-2002-0027 (CCN-7737) | ||||||||
Assigned: | 2001-12-19 | ||||||||
Published: | 2001-12-19 | ||||||||
Updated: | 2021-07-23 | ||||||||
Summary: | Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Wed Dec 19 2001 - 17:59:14 CST Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, Site Spoofing Bug Source: CCN Type: BugTraq Mailing List, Sat Feb 09 2002 - 14:34:51 CST MSN Messenger Hijacking Source: MITRE Type: CNA CVE-2002-0027 Source: CCN Type: Microsoft Product Support Services List of Fixes in Microsoft Internet Explorer 6 SP1 Source: CCN Type: CERT Tech Tips, February 2, 2000 Frequently Asked Questions About Malicious Web Scripts Redirected by Web Sites Source: CCN Type: CIAC Information Bulletin M-041 Microsoft Internet Explorer Cumulative Patch Source: CCN Type: US-CERT VU#598147 Microsoft Internet Explorer does not properly handle document.open() Source: CCN Type: Microsoft Security Bulletin MS00-033 Patch Available for "Frame Domain Verification", "Unauthorized Cookie Access", and "Malformed Component Attribute" Vulnerabilities Source: CCN Type: Microsoft Security Bulletin MS00-055 Patch Available for 'Scriptlet Rendering' Vulnerability Source: CCN Type: Microsoft Security Bulletin MS00-093 Patch Available for "Browser Print Template" and "File Upload via Form" Vulnerabilities Source: CCN Type: Microsoft Security Bulletin MS01-015 IE can Divulge Location of Cached Content Source: CCN Type: Microsoft Security Bulletin MS01-027 Flaws in Web Server Certificate Validation Could Enable Spoofing Source: CCN Type: Microsoft Security Bulletin MS01-058 13 December 2001 Cumulative Patch for IE Source: CCN Type: Microsoft Security Bulletin MS02-005 11 February 2002 Cumulative Patch for Internet Explorer Source: CCN Type: Microsoft Security Bulletin MS02-015 28 March 2002 Cumulative Patch for Internet Explorer Source: CCN Type: Microsoft Security Bulletin MS02-023 15 May 2002 Cumulative Patch for Internet Explorer (Q321232) Source: CCN Type: Microsoft Security Bulletin MS02-047 Cumulative Patch for Internet Explorer (Q323759) Source: CCN Type: Microsoft Security Bulletin MS02-066 Cumulative Patch for Internet Explorer (Q328970) Source: CCN Type: Microsoft Security Bulletin MS02-068 Cumulative Patch for Internet Explorer (324929) Source: CCN Type: Microsoft Security Bulletin MS03-004 Cumulative Patch for Internet Explorer (810847) Source: CCN Type: Microsoft Security Bulletin MS03-015 Cumulative Patch for Internet Explorer (813489) Source: CCN Type: Microsoft Security Bulletin MS03-020 Cumulative Patch for Internet Explorer (818529) Source: CCN Type: Microsoft Security Bulletin MS03-032 Cumulative Patch for Internet Explorer (822925) Source: CCN Type: Microsoft Security Bulletin MS03-040 Cumulative Patch for Internet Explorer (828750) Source: CCN Type: Microsoft Security Bulletin MS03-048 Cumulative Security Update for Internet Explorer (824145) Source: CCN Type: Microsoft Security Bulletin MS04-004 Cumulative Security Update for Internet Explorer (832894) Source: CCN Type: Microsoft Security Bulletin MS04-025 Cumulative Security Update for Internet Explorer (867801) Source: CCN Type: Microsoft Security Bulletin MS04-038 Cumulative Security Update for Internet Explorer (834707) Source: CCN Type: Microsoft Security Bulletin MS04-040 Cumulative Security Update for Internet Explorer (889293) Source: CCN Type: Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer (867282) Source: CCN Type: Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923) Source: CCN Type: Microsoft Security Bulletin MS05-025 Cumulative Security Update for Internet Explorer (883939) Source: CCN Type: Microsoft Security Bulletin MS05-038 Cumulative Security Update for Internet Explorer (896727) Source: CCN Type: Microsoft Security Bulletin MS05-052 Cumulative Security Update for Internet Explorer (896688) Source: CCN Type: Microsoft Security Bulletin MS05-054 Cumulative Security Update for Internet Explorer (905915) Source: CCN Type: Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer (910620) Source: CCN Type: Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281) Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454) Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566) Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143) Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653) Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615) Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533) Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864) Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759) Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838) Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390) Source: OSVDB Type: UNKNOWN 3031 Source: CCN Type: OSVDB ID: 2008 Microsoft IE Same Origin Policy Violation Source: CCN Type: OSVDB ID: 3031 Microsoft IE document.Open Same Origin Policy Violation Source: BUGTRAQ Type: Vendor Advisory 20011219 Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, Site Spoofing Bug Source: BID Type: Exploit, Patch, Vendor Advisory 3721 Source: CCN Type: BID-3721 Microsoft IE Same Origin Policy Violation Vulnerability Source: MS Type: UNKNOWN MS02-005 Source: XF Type: UNKNOWN ie-same-origin-violation(7737) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:974 Source: CCN Type: Microsoft Knowledge Base Article 317729 MS02-005: Patch Is Available for a New Variant of the "Frame Domain Verification" Vulnerability (Q317729) Source: CCN Type: Microsoft Knowledge Base Article 328548 How to Obtain the Latest Service Pack for Internet Explorer 6 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |