Multiple vulnerabilities in Microsoft Internet Explorer

vendor:

Internet Explorer

by:

SecurityFocus

7.5

CVSS

HIGH

Access control vulnerability

284

CWE

Product Name: Internet Explorer

Affected Version From: Internet Explorer 5.5

Affected Version To: Internet Explorer 6.0

Patch Exists: YES

Related CWE: CVE-2002-0392

CPE: a:microsoft:internet_explorer

Metasploit: https://www.rapid7.com/db/vulnerabilities/apache-httpd-cve-2002-0392/, https://www.rapid7.com/db/vulnerabilities/http-apache2-chunked-transfer-int-bof/, https://www.rapid7.com/db/vulnerabilities/apache-httpd-1_3_x-apache-chunked-encoding-vulnerability-cve-2002-0392/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2002

Multiple vulnerabilities in Microsoft Internet Explorer

The vulnerabilities are due to how Internet Explorer handles cached objects. This vulnerability may allow remote attackers to execute script code in the context of other domains and security zones. Exploitation of this vulnerability may allow for theft of cookie information, website impersonation or disclosure and manipulation of local files.

Mitigation:

Upgrade to the latest version of Internet Explorer

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6028/info

Multiple vulnerabilities have been reported for Microsoft Internet Explorer. These vulnerabilities have been reported to affect Internet Explorer 5.5 to 6.0. Internet Explorer 6.0 with Service Pack 1 and Internet Explorer 5 with Service Pack 2 are reportedly not vulnerable.

The vulnerabilities are due to how Internet Explorer handles cached objects. This vulnerability may allow remote attackers to execute script code in the context of other domains and security zones.

The cause appears to be a lack of access control checks when access to a document object is attempted through a separate reference to it. A malicious webmaster may exploit this vulnerability by creating a reference to several methods of the target child window. The attacker may then have the child window open a website in a different domain/Zone and obtain control of the newly created window to execute malicious code. As the domain/Zone is different in the child window, this should not be possible.

Several methods have been reported as being vulnerable to exploitation.

Exploitation of this vulnerability may allow for theft of cookie information, website impersonation or disclosure and manipulation of local files.

** Some reports indicate that Internet Explorer 6 with Service Pack may be vulnerable. 

<script language="jscript">
var oWin=open("blank.html","victim","width=100,height=100");
[Cache line here]
location.href="http://google.com";
setTimeout(
function () {
[Exploit line(s) here]
},
3000
);
</script>