CVE-2002-1217

Internet Explorer 5.5 and 6.0 - Cross-Frame Scripting via Document Property Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1217. PoCs published by GreyMagic Software.

AI-analyzed exploit summary This exploit demonstrates a DOM-based vulnerability in Microsoft Internet Explorer where the 'Document' property of a frame/iframe can be accessed across domains, bypassing the Same Origin Policy. The PoC uses JavaScript to retrieve cookies from a different domain via an iframe, highlighting the lack of proper access control checks.

Description

Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GreyMagic Software · textremotewindows

https://www.exploit-db.com/exploits/21940

View Code ZIP pw:eip

This exploit demonstrates a DOM-based vulnerability in Microsoft Internet Explorer where the 'Document' property of a frame/iframe can be accessed across domains, bypassing the Same Origin Policy. The PoC uses JavaScript to retrieve cookies from a different domain via an iframe, highlighting the lack of proper access control checks.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected by CVE-2002-1217)

No auth needed

Prerequisites: Victim must be using a vulnerable version of Microsoft Internet Explorer · Victim must visit a malicious webpage hosting the exploit

MITRE ATT&CK