CVE-2002-1187 | Vulnerability Database | Aqua Security

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the or element and javascript, aka Frames Cross Site Scripting, as demonstrated using the PrivacyPolicy.dlg resource.

Affected Software

Name	Vendor	Start Version	End Version
Internet_explorer	Microsoft	5.0 (including)	5.0 (including)
Internet_explorer	Microsoft	5.0.1 (including)	5.0.1 (including)
Internet_explorer	Microsoft	5.0.1-sp1 (including)	5.0.1-sp1 (including)
Internet_explorer	Microsoft	5.0.1-sp2 (including)	5.0.1-sp2 (including)
Internet_explorer	Microsoft	5.5 (including)	5.5 (including)
Internet_explorer	Microsoft	5.5-sp1 (including)	5.5-sp1 (including)
Internet_explorer	Microsoft	5.5-sp2 (including)	5.5-sp2 (including)
Internet_explorer	Microsoft	6.0 (including)	6.0 (including)

References

http://marc.info/?l=bugtraq\u0026m=103158601431054\u0026w=2
http://www.iss.net/security_center/static/10066.php
http://www.osvdb.org/2998
http://www.securityfocus.com/bid/5672
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A203
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A225

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-1187
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html