CVE-2002-1254

Internet Explorer <6.1 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1254. PoCs published by GreyMagic Software.

AI-analyzed exploit summary This is a writeup describing a vulnerability in Microsoft Internet Explorer (CVE-2002-1254) related to cached objects and improper access control checks. The provided code snippet is a partial example illustrating the exploitation concept but lacks complete exploit details.

Description

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."

Exploits (1)

exploitdb WRITEUP VERIFIED

by GreyMagic Software · textremotewindows

https://www.exploit-db.com/exploits/21959

View Code ZIP pw:eip

This is a writeup describing a vulnerability in Microsoft Internet Explorer (CVE-2002-1254) related to cached objects and improper access control checks. The provided code snippet is a partial example illustrating the exploitation concept but lacks complete exploit details.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Moderate

Reliability

Theoretical

Target: Microsoft Internet Explorer 5.5 to 6.0 (excluding IE 6.0 SP1 and IE 5 SP2)

No auth needed

Prerequisites: Victim must visit a malicious webpage · JavaScript must be enabled in the target's browser

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13

Core References

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/6028

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/10432

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=103530131201191&w=2

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/10438.php

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/10437.php

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/10436.php

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/10435.php

Various Sources x_refsource_misc

http://security.greymagic.com/adv/gm012-ie/

Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac

http://www.ciac.org/ciac/bulletins/n-018.shtml

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/10439.php

Scores

EPSS 0.5076

EPSS Percentile 98.8%

Details

Status published

Products (3)

microsoft/ie 6.0 sp1

microsoft/internet_explorer 5.5 (3 CPE variants)

microsoft/internet_explorer 6.0

Published Dec 11, 2002

Tracked Since Feb 18, 2026