CVE-2003-0816

Internet Explorer 6 SP1 - Auth Bypass

Title source: llm

Description

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Liu Die Yu & Jelmer · textremotewindows

https://www.exploit-db.com/exploits/23131

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Liu Die Yu · htmlremotewindows

https://www.exploit-db.com/exploits/23790

View Code ZIP pw:eip

References (30)

[Mailing List] http://marc.info/?l=bugtraq&m=106321781819727&w=2

[Various Sources] http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html

[Mailing List] http://marc.info/?l=bugtraq&m=106322063729496&w=2

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416

[Various Sources] http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM

[Mailing List] http://marc.info/?l=bugtraq&m=106321693517858&w=2

[US Government Resource] http://www.kb.cert.org/vuls/id/771604

[Mailing List] http://marc.info/?l=bugtraq&m=106322240132721&w=2

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1007687

[Various Sources] http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM

[Various Sources] http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/337086

[Various Sources] http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/336937

... and 10 more

Scores

EPSS 0.6722

EPSS Percentile 98.6%

Details

Status published

Products (4)

microsoft/ie 6.0 sp1

microsoft/internet_explorer 5.0.1 (4 CPE variants)

microsoft/internet_explorer 5.5 (3 CPE variants)

microsoft/internet_explorer 6.0

Published Feb 03, 2004

Tracked Since Feb 18, 2026