Description
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by GreyMagic Software · textremotewindows
https://www.exploit-db.com/exploits/21940
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A272
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A333
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103470310417576&w=2
Mailing List mailing-list
x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=103470202010570&w=2
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10371.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5963
Exploit, Patch, Vendor Advisory x_refsource_misc
http://security.greymagic.com/adv/gm011-ie/
Third Party Advisory mailing-list
x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0024.html
Third Party Advisory, US Government Resource third-party-advisory
government-resource
x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-018.shtml
Scores
EPSS
0.6485
EPSS Percentile
98.5%
Details
Status
published
Products (2)
microsoft/internet_explorer
5.5 (3 CPE variants)
microsoft/internet_explorer
6.0
Published
Oct 28, 2002
Tracked Since
Feb 18, 2026