Vulnerability Details CVE-2002-0027
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.117
EPSS Ranking 93.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.osvdb.org/3031
- http://www.securityfocus.com/archive/1/246522
- http://www.securityfocus.com/bid/3721
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A974
- http://www.osvdb.org/3031
- http://www.securityfocus.com/archive/1/246522
- http://www.securityfocus.com/bid/3721
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A974
Products affected by CVE-2002-0027
-
cpe:2.3:a:microsoft:internet_explorer:5.5
-
cpe:2.3:a:microsoft:internet_explorer:6.0