CVE-2003-1026

Microsoft IE - Access Control

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1026. PoCs published by Andreas Sandblad.

AI-analyzed exploit summary This exploit leverages a vulnerability in Internet Explorer's handling of the back button to execute arbitrary JavaScript in the Local Machine zone. It demonstrates the issue by creating a harmless text file on the desktop when the user clicks the back button.

Description

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Andreas Sandblad · textremotewindows

https://www.exploit-db.com/exploits/151

View Code ZIP pw:eip

This exploit leverages a vulnerability in Internet Explorer's handling of the back button to execute arbitrary JavaScript in the Local Machine zone. It demonstrates the issue by creating a harmless text file on the desktop when the user clicks the back button.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (pre-MS04-004)

No auth needed

Prerequisites: User interaction (clicking OK and the back button) · Internet Explorer with the vulnerability unpatched

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Various Sources x_refsource_misc

http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/784102

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=107038202225587&w=2

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA04-033A.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=106979349517578&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/13846

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745

Scores

EPSS 0.3921

EPSS Percentile 98.4%

Details

CWE

CWE-264

Status published

Products (5)

microsoft/ie 6.0 sp1

microsoft/internet_explorer 5.0

microsoft/internet_explorer 5.0.1 (4 CPE variants)

microsoft/internet_explorer 5.5 (3 CPE variants)

microsoft/internet_explorer 6.0

Published Jan 20, 2004

Tracked Since Feb 18, 2026