2017-10-16 12:31:07 -04:00
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org" ,
"ID" : "CVE-2003-0816" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a" ,
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
} ,
"vendor_name" : "n/a"
}
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "n/a"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
2018-04-05 09:33:01 -04:00
"name" : "20030910 MSIE->NAFfileJPU" ,
"refsource" : "BUGTRAQ" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.securityfocus.com/archive/1/336937"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm" ,
"refsource" : "MISC" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "20030910 MSIE->WsOpenFileJPU" ,
"refsource" : "BUGTRAQ" ,
2017-10-16 12:31:07 -04:00
"url" : "http://marc.info/?l=bugtraq&m=106321882821788&w=2"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM" ,
"refsource" : "MISC" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "20030910 MSIE->WsBASEjpu" ,
"refsource" : "BUGTRAQ" ,
2017-10-16 12:31:07 -04:00
"url" : "http://marc.info/?l=bugtraq&m=106322063729496&w=2"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM" ,
"refsource" : "MISC" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "20030910 MSIE->WsFakeSrc" ,
"refsource" : "BUGTRAQ" ,
2017-10-16 12:31:07 -04:00
"url" : "http://marc.info/?l=bugtraq&m=106321781819727&w=2"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM" ,
"refsource" : "MISC" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "20030910 MSIE->WsOpenJpuInHistory" ,
"refsource" : "BUGTRAQ" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM" ,
"refsource" : "MISC" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "20030910 MSIE->NAFjpuInHistory" ,
"refsource" : "BUGTRAQ" ,
2017-10-16 12:31:07 -04:00
"url" : "http://marc.info/?l=bugtraq&m=106321693517858&w=2"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM" ,
"refsource" : "MISC" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "20030910 MSIE->BackMyParent2:Multi-Thread version" ,
"refsource" : "BUGTRAQ" ,
2017-10-16 12:31:07 -04:00
"url" : "http://marc.info/?l=bugtraq&m=106322240132721&w=2"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM" ,
"refsource" : "MISC" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm" ,
"refsource" : "MISC" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "20030910 MSIE->RefBack" ,
"refsource" : "BUGTRAQ" ,
2017-10-16 12:31:07 -04:00
"url" : "http://marc.info/?l=bugtraq&m=106321638416884&w=2"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM" ,
"refsource" : "MISC" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "20030911 LiuDieYu's missing files are here." ,
"refsource" : "BUGTRAQ" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.securityfocus.com/archive/1/337086"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "MS03-048" ,
"refsource" : "MS" ,
2018-10-12 16:04:25 -04:00
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
2017-10-16 12:31:07 -04:00
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "VU#771604" ,
"refsource" : "CERT-VN" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.kb.cert.org/vuls/id/771604"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "VU#652452" ,
"refsource" : "CERT-VN" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.kb.cert.org/vuls/id/652452"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "oval:org.mitre.oval:def:361" ,
"refsource" : "OVAL" ,
2017-10-16 12:31:07 -04:00
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "oval:org.mitre.oval:def:362" ,
"refsource" : "OVAL" ,
2017-10-16 12:31:07 -04:00
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "oval:org.mitre.oval:def:363" ,
"refsource" : "OVAL" ,
2017-10-16 12:31:07 -04:00
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "oval:org.mitre.oval:def:409" ,
"refsource" : "OVAL" ,
2017-10-16 12:31:07 -04:00
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "oval:org.mitre.oval:def:416" ,
"refsource" : "OVAL" ,
2017-10-16 12:31:07 -04:00
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "oval:org.mitre.oval:def:459" ,
"refsource" : "OVAL" ,
2017-10-16 12:31:07 -04:00
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "oval:org.mitre.oval:def:479" ,
"refsource" : "OVAL" ,
2017-10-16 12:31:07 -04:00
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "1007687" ,
"refsource" : "SECTRACK" ,
2017-10-16 12:31:07 -04:00
"url" : "http://securitytracker.com/id?1007687"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "10192" ,
"refsource" : "SECUNIA" ,
2017-10-16 12:31:07 -04:00
"url" : "http://secunia.com/advisories/10192"
}
]
}
}
