Description
Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Georgi Guninski · textremotewindows
https://www.exploit-db.com/exploits/21127
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7313
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/3469
Various Sources x_refsource_misc
http://www.systemintegra.com/ie-fullscreen/
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105820229407274&w=2
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105829174431769&w=2
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/490708
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/221883
Various Sources x_refsource_misc
http://www.guninski.com/popspoof.html
Various Sources x_refsource_misc
http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie/
Scores
EPSS
0.6159
EPSS Percentile
98.3%
Details
Status
published
Products (2)
microsoft/internet_explorer
5.5 (3 CPE variants)
microsoft/internet_explorer
6.0
Published
Aug 18, 2003
Tracked Since
Feb 18, 2026