CVE-2002-1187

Internet Explorer 5.01-6.0 - Cross-Site Scripting via Frame or IFrame Element

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1187. PoCs published by GreyMagic Software.

AI-analyzed exploit summary This exploit leverages a cross-domain security flaw in Microsoft Internet Explorer where a parent window can manipulate the frames of a child window from a different domain or security zone. By setting the frame's location to a 'javascript:' URL, arbitrary script execution is achieved in the context of the child domain.

Description

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GreyMagic Software · textremotewindows

https://www.exploit-db.com/exploits/21777

View Code ZIP pw:eip

This exploit leverages a cross-domain security flaw in Microsoft Internet Explorer where a parent window can manipulate the frames of a child window from a different domain or security zone. By setting the frame's location to a 'javascript:' URL, arbitrary script execution is achieved in the context of the child domain.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected by CVE-2002-1187)

No auth needed

Prerequisites: Victim must visit a malicious webpage using a vulnerable version of Internet Explorer

MITRE ATT&CK