Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
References
Link Providers
http://marc.info/?l=bugtraq&m=106321638416884&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=106321693517858&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=106321781819727&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=106321882821788&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=106322063729496&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=106322240132721&w=2 cve-icon cve-icon
http://secunia.com/advisories/10192 cve-icon cve-icon
http://securitytracker.com/id?1007687 cve-icon cve-icon
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html cve-icon cve-icon
http://www.kb.cert.org/vuls/id/652452 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/771604 cve-icon cve-icon
http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm cve-icon cve-icon
http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM cve-icon cve-icon
http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm cve-icon cve-icon
http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM cve-icon cve-icon
http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM cve-icon cve-icon
http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM cve-icon cve-icon
http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM cve-icon cve-icon
http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM cve-icon cve-icon
http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM cve-icon cve-icon
http://www.securityfocus.com/archive/1/336937 cve-icon cve-icon
http://www.securityfocus.com/archive/1/337086 cve-icon cve-icon
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-01-14T05:00:00

Updated: 2024-08-08T02:05:12.561Z

Reserved: 2003-09-18T00:00:00

Link: CVE-2003-0816

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2004-02-03T05:00:00.000

Modified: 2024-11-20T23:45:35.130

Link: CVE-2003-0816

cve-icon Redhat

No data.