Vulnerability Details CVE-2003-0447
The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.272
EPSS Ranking 96.1%
CVSS Severity
CVSS v2 Score 5.1
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005763.html
- http://marc.info/?l=bugtraq&m=105585933614773&w=2
- http://marc.info/?l=ntbugtraq&m=105585142406147&w=2
- http://security.greymagic.com/adv/gm014-ie/
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005763.html
- http://marc.info/?l=bugtraq&m=105585933614773&w=2
- http://marc.info/?l=ntbugtraq&m=105585142406147&w=2
- http://security.greymagic.com/adv/gm014-ie/
Products affected by CVE-2003-0447
-
cpe:2.3:a:microsoft:internet_explorer:5.01
-
cpe:2.3:a:microsoft:internet_explorer:5.5
-
cpe:2.3:a:microsoft:internet_explorer:6.0