CVE-ID

CVE-2002-0723

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20020722 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20030324-01)
Votes (Legacy)
ACCEPT(5) Armstrong, Baker, Cole, Foat, Wall
MODIFY(1) Frech
NOOP(2) Christey, Cox
Comments (Legacy)
 Christey> Need to verify with Microsoft that this is:
   BUGTRAQ:20020710 IE allows universal Cross Domain Scripting (TL#003)
   URL:http://www.securityfocus.com/archive/1/281367
   MISC:http://www.PivX.com/larholm/adv/TL003/
   BUGTRAQ:20020710 Exploit: TL003/Dot Bug = Reading Non-Parsable Files
   URL:http://www.securityfocus.com/archive/1/281660
 Frech> XF:ie-object-scripting(9537)

Proposed (Legacy)
20020830
This is an entry on the CVE list, which standardizes names for security problems.