CVE Vulnerabilities

CVE-2003-0814

Published: Feb 03, 2004 | Modified: Jul 23, 2021
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the windows href to the malicious Javascript, then calling execCommand(Refresh) to refresh the page, aka BodyRefreshLoadsJPU or the ExecCommand Cross Domain vulnerability.

Affected Software

Name Vendor Start Version End Version
Ie Microsoft 6.0-sp1 (including) 6.0-sp1 (including)
Internet_explorer Microsoft 5.0.1 (including) 5.0.1 (including)
Internet_explorer Microsoft 5.0.1-sp1 (including) 5.0.1-sp1 (including)
Internet_explorer Microsoft 5.0.1-sp2 (including) 5.0.1-sp2 (including)
Internet_explorer Microsoft 5.0.1-sp3 (including) 5.0.1-sp3 (including)
Internet_explorer Microsoft 5.5 (including) 5.5 (including)
Internet_explorer Microsoft 5.5-sp1 (including) 5.5-sp1 (including)
Internet_explorer Microsoft 5.5-sp2 (including) 5.5-sp2 (including)
Internet_explorer Microsoft 6.0 (including) 6.0 (including)

References