National Vulnerability Database (NVD) National Vulnerability Database (CVE-2003-0816)

National Cyber-Alert System

Vulnerability Summary for CVE-2003-0816

Original release date:02/03/2004

Last revised:09/10/2008

Source: US-CERT/NIST

Overview

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Provides user account access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#652452

Name: VU#652452

Type: Advisory; Patch Information

Hyperlink:http://www.kb.cert.org/vuls/id/652452

US-CERT Vulnerability Note: VU#771604

Name: VU#771604

Hyperlink:http://www.kb.cert.org/vuls/id/771604

External Source: MS

Name: MS03-048

Type: Advisory; Patch Information

Hyperlink:http://www.microsoft.com/technet/security/bulletin/ms03-048.asp

External Source: BUGTRAQ

Name: 20030911 LiuDieYu's missing files are here.

Hyperlink:http://www.securityfocus.com/archive/1/337086

External Source: MISC

Name: http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM

Hyperlink:http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM

External Source: MISC

Name: http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm

Hyperlink:http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm

External Source: MISC

Name: http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM

Hyperlink:http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM

External Source: MISC

Name: http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM

Hyperlink:http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM

External Source: MISC

Name: http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM

Hyperlink:http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM

External Source: MISC

Name: http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM

Hyperlink:http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM

External Source: MISC

Name: http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM

Hyperlink:http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM

External Source: MISC

Name: http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM

Hyperlink:http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM

External Source: MISC

Name: http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm

Hyperlink:http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm

External Source: BUGTRAQ

Name: 20030910 MSIE->NAFfileJPU

Hyperlink:http://www.securityfocus.com/archive/1/336937

External Source: BUGTRAQ

Name: 20030910 MSIE->WsOpenJpuInHistory

Hyperlink:http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html

External Source: SECTRACK

Name: 1007687

Hyperlink:http://securitytracker.com/id?1007687

External Source: SECUNIA

Name: 10192

Hyperlink:http://secunia.com/advisories/10192

External Source: BUGTRAQ

Name: 20030910 MSIE->BackMyParent2:Multi-Thread version

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=106322240132721&w=2

External Source: BUGTRAQ

Name: 20030910 MSIE->WsBASEjpu

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=106322063729496&w=2

External Source: BUGTRAQ

Name: 20030910 MSIE->WsOpenFileJPU

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=106321882821788&w=2

External Source: BUGTRAQ

Name: 20030910 MSIE->WsFakeSrc

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=106321781819727&w=2

External Source: BUGTRAQ

Name: 20030910 MSIE->NAFjpuInHistory

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=106321693517858&w=2

External Source: BUGTRAQ

Name: 20030910 MSIE->RefBack

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=106321638416884&w=2

US Government Resource: oval:org.mitre.oval:def:479

Name: oval:org.mitre.oval:def:479

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:479

US Government Resource: oval:org.mitre.oval:def:459

Name: oval:org.mitre.oval:def:459

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:459

US Government Resource: oval:org.mitre.oval:def:416

Name: oval:org.mitre.oval:def:416

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:416

US Government Resource: oval:org.mitre.oval:def:409

Name: oval:org.mitre.oval:def:409

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:409

US Government Resource: oval:org.mitre.oval:def:363

Name: oval:org.mitre.oval:def:363

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:363

US Government Resource: oval:org.mitre.oval:def:362

Name: oval:org.mitre.oval:def:362

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:362

US Government Resource: oval:org.mitre.oval:def:361

Name: oval:org.mitre.oval:def:361

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:361

Vulnerable software and versions

Configuration 1

* cpe:/a:microsoft:ie:5.0.1

* cpe:/a:microsoft:ie:5.0.1:sp1

* cpe:/a:microsoft:ie:5.0.1:sp2

* cpe:/a:microsoft:ie:5.0.1:sp3

* cpe:/a:microsoft:ie:5.5

* cpe:/a:microsoft:ie:5.5:sp1

* cpe:/a:microsoft:ie:5.5:sp2

* cpe:/a:microsoft:ie:6.0

* cpe:/a:microsoft:ie:6.0:sp1

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0816