| Vulnerability Name: | CVE-2003-0816 (CCN-13677) | ||||||||||||||||||||||||||||||||
| Assigned: | 2003-11-11 | ||||||||||||||||||||||||||||||||
| Published: | 2003-11-11 | ||||||||||||||||||||||||||||||||
| Updated: | 2021-07-23 | ||||||||||||||||||||||||||||||||
| Summary: | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. | ||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2003-0816 Source: BUGTRAQ Type: UNKNOWN 20030910 MSIE->RefBack Source: BUGTRAQ Type: UNKNOWN 20030910 MSIE->NAFjpuInHistory Source: BUGTRAQ Type: UNKNOWN 20030910 MSIE->WsFakeSrc Source: BUGTRAQ Type: UNKNOWN 20030910 MSIE->WsOpenFileJPU Source: BUGTRAQ Type: UNKNOWN 20030910 MSIE->WsBASEjpu Source: BUGTRAQ Type: UNKNOWN 20030910 MSIE->BackMyParent2:Multi-Thread version Source: CCN Type: SA10192 Microsoft Internet Explorer Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 10192 Source: CCN Type: SECTRACK ID: 1007687 Microsoft Internet Explorer Various Cross-Domain Flaws Permit Remote Scripting in Arbitrary Domains Source: SECTRACK Type: UNKNOWN 1007687 Source: CCN Type: CIAC Information Bulletin O-021 Microsoft Cumulative Security Update for Internet Explorer Source: BUGTRAQ Type: UNKNOWN 20030910 MSIE->WsOpenJpuInHistory Source: CCN Type: US-CERT VU#652452 Microsoft Internet Explorer does not adequately validate javascript: protocol URL Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#652452 Source: CCN Type: US-CERT VU#771604 Microsoft Internet Explorer does not properly validate URL sources Source: CERT-VN Type: US Government Resource VU#771604 Source: CCN Type: Microsoft Security Bulletin MS03-048 Cumulative Security Update for Internet Explorer (824145) Source: CCN Type: Microsoft Security Bulletin MS04-004 Cumulative Security Update for Internet Explorer (832894) Source: CCN Type: Microsoft Security Bulletin MS04-025 Cumulative Security Update for Internet Explorer (867801) Source: CCN Type: Microsoft Security Bulletin MS04-038 Cumulative Security Update for Internet Explorer (834707) Source: CCN Type: Microsoft Security Bulletin MS04-040 Cumulative Security Update for Internet Explorer (889293) Source: CCN Type: Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer (867282) Source: CCN Type: Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923) Source: CCN Type: Microsoft Security Bulletin MS05-025 Cumulative Security Update for Internet Explorer (883939) Source: CCN Type: Microsoft Security Bulletin MS05-038 Cumulative Security Update for Internet Explorer (896727) Source: CCN Type: Microsoft Security Bulletin MS05-052 Cumulative Security Update for Internet Explorer (896688) Source: CCN Type: Microsoft Security Bulletin MS05-054 Cumulative Security Update for Internet Explorer (905915) Source: CCN Type: Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer (910620) Source: CCN Type: Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281) Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454) Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566) Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143) Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653) Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615) Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533) Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864) Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759) Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838) Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390) Source: MISC Type: UNKNOWN http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm Source: MISC Type: UNKNOWN http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM Source: MISC Type: UNKNOWN http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM Source: MISC Type: UNKNOWN http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM Source: MISC Type: UNKNOWN http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM Source: MISC Type: UNKNOWN http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM Source: MISC Type: UNKNOWN http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM Source: MISC Type: UNKNOWN http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm Source: MISC Type: UNKNOWN http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM Source: BUGTRAQ Type: UNKNOWN 20030910 MSIE->NAFfileJPU Source: BUGTRAQ Type: UNKNOWN 20030911 LiuDieYu's missing files are here. Source: CCN Type: BID-9013 Microsoft Internet Explorer Script URL Cross-Domain Access Violation Vulnerability Source: MS Type: UNKNOWN MS03-048 Source: XF Type: UNKNOWN ie-script-zone-bypass(13677) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:361 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:362 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:363 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:409 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:416 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:459 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:479 | ||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||