Description
Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Thor Larholm · textremotewindows
https://www.exploit-db.com/exploits/21606
References (3)
Core 3
Core References
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9537.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5196
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047
Scores
EPSS
0.2193
EPSS Percentile
95.8%
Details
Status
published
Products (2)
microsoft/internet_explorer
5.5 (3 CPE variants)
microsoft/internet_explorer
6.0
Published
Sep 24, 2002
Tracked Since
Feb 18, 2026