CVE-2003-1026
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
20/01/2004
Last modified:
03/04/2025
Description
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Impact
Base Score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=106979349517578&w=2
- http://marc.info/?l=bugtraq&m=107038202225587&w=2
- http://www.kb.cert.org/vuls/id/784102
- http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu
- http://www.us-cert.gov/cas/techalerts/TA04-033A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13846
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805
- http://marc.info/?l=bugtraq&m=106979349517578&w=2
- http://marc.info/?l=bugtraq&m=107038202225587&w=2
- http://www.kb.cert.org/vuls/id/784102
- http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu
- http://www.us-cert.gov/cas/techalerts/TA04-033A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13846
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805