| Vulnerability Name: | CVE-2004-0727 (CCN-16681) | ||||||||||||||||||||||||||||
| Assigned: | 2004-07-11 | ||||||||||||||||||||||||||||
| Published: | 2004-07-11 | ||||||||||||||||||||||||||||
| Updated: | 2021-07-23 | ||||||||||||||||||||||||||||
| Summary: | Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." | ||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sun Jul 11 2004 - 10:33:53 CDT MSIE Similar Method Name Redirection Cross Site/Zone Scripting Vulnerability Source: MITRE Type: CNA CVE-2004-0727 Source: MISC Type: UNKNOWN http://freehost07.websamba.com/greyhats/similarmethodnameredir.htm Source: BUGTRAQ Type: UNKNOWN 20040711 MSIE Similar Method Name Redirection Cross Site/Zone Scripting Source: CCN Type: SA12048 Microsoft Internet Explorer Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 12048 Source: CCN Type: CIAC Information Bulletin P-006 Microsoft Cumulative Security Update for Internet Explorer (834707) Source: CCN Type: US-CERT VU#207264 Microsoft Internet Explorer does not properly handle function redirection Source: CERT-VN Type: US Government Resource VU#207264 Source: CCN Type: Microsoft Security Bulletin MS04-038 Cumulative Security Update for Internet Explorer (834707) Source: CCN Type: Microsoft Security Bulletin MS04-040 Cumulative Security Update for Internet Explorer (889293) Source: CCN Type: Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer (867282) Source: CCN Type: Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923) Source: CCN Type: Microsoft Security Bulletin MS05-025 Cumulative Security Update for Internet Explorer (883939) Source: CCN Type: Microsoft Security Bulletin MS05-038 Cumulative Security Update for Internet Explorer (896727) Source: CCN Type: Microsoft Security Bulletin MS05-052 Cumulative Security Update for Internet Explorer (896688) Source: CCN Type: Microsoft Security Bulletin MS05-054 Cumulative Security Update for Internet Explorer (905915) Source: CCN Type: Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer (910620) Source: CCN Type: Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281) Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454) Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566) Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143) Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653) Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615) Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533) Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864) Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759) Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838) Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390) Source: CCN Type: BID-10689 Microsoft Internet Explorer JavaScript Method Assignment Cross-Domain Scripting Vulnerability Source: CERT Type: US Government Resource TA04-293A Source: MS Type: UNKNOWN MS04-038 Source: XF Type: UNKNOWN ie-function-redirect-xss(16681) Source: XF Type: UNKNOWN ie-function-redirect-xss(16681) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:4702 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6829 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:7084 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:7448 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:7496 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:7906 | ||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||