Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the or element and javascript, aka Frames Cross Site Scripting, as demonstrated using the PrivacyPolicy.dlg resource.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Internet_explorer | Microsoft | 5.0 (including) | 5.0 (including) |
| Internet_explorer | Microsoft | 5.0.1 (including) | 5.0.1 (including) |
| Internet_explorer | Microsoft | 5.0.1-sp1 (including) | 5.0.1-sp1 (including) |
| Internet_explorer | Microsoft | 5.0.1-sp2 (including) | 5.0.1-sp2 (including) |
| Internet_explorer | Microsoft | 5.5 (including) | 5.5 (including) |
| Internet_explorer | Microsoft | 5.5-sp1 (including) | 5.5-sp1 (including) |
| Internet_explorer | Microsoft | 5.5-sp2 (including) | 5.5-sp2 (including) |
| Internet_explorer | Microsoft | 6.0 (including) | 6.0 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=103158601431054\u0026w=2
- http://www.iss.net/security_center/static/10066.php
- http://www.osvdb.org/2998
- http://www.securityfocus.com/bid/5672
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A203
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A225
- http://marc.info/?l=bugtraq\u0026m=103158601431054\u0026w=2
- http://www.iss.net/security_center/static/10066.php
- http://www.osvdb.org/2998
- http://www.securityfocus.com/bid/5672
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A203
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A225