CVE-2002-0723

Microsoft Internet Explorer <6.0 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0723. PoCs published by Thor Larholm.

AI-analyzed exploit summary This exploit demonstrates a same-origin policy bypass in Microsoft Internet Explorer using the HTML OBJECT tag. It allows malicious script code to access the DOM of an embedded page from a different domain, potentially leaking sensitive information like cookies.

Description

Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."

Exploits (1)

exploitdb WORKING POC VERIFIED
by Thor Larholm · textremotewindows
https://www.exploit-db.com/exploits/21606

This exploit demonstrates a same-origin policy bypass in Microsoft Internet Explorer using the HTML OBJECT tag. It allows malicious script code to access the DOM of an embedded page from a different domain, potentially leaking sensitive information like cookies.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Internet Explorer (versions affected by CVE-2002-0723)
No auth needed
Prerequisites: Victim must visit a malicious webpage using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9537.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5196

Scores

EPSS 0.1503
EPSS Percentile 96.3%

Details

Status published
Products (2)
microsoft/internet_explorer 5.5 (3 CPE variants)
microsoft/internet_explorer 6.0
Published Sep 24, 2002
Tracked Since Feb 18, 2026