CVE-2004-0727

EXPLOITED

Microsoft Internet Explorer 6.0.2800.1106 - Auth Bypass

Title source: llm

Description

Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Paul · htmlremotewindows

https://www.exploit-db.com/exploits/24265

View Code ZIP pw:eip

References (13)

[Various Sources] http://freehost07.websamba.com/greyhats/similarmethodnameredir.htm

[Mailing List] http://marc.info/?l=bugtraq&m=108966512815373&w=2

[US Government Resource] http://www.kb.cert.org/vuls/id/207264

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA04-293A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16681

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4702

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6829

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7084

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7448

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7496

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7906

[Third Party Advisory] http://secunia.com/advisories/12048

Scores

EPSS 0.5758

EPSS Percentile 98.2%

Details

VulnCheck KEV 2004-11-09

Status published

Products (1)

microsoft/internet_explorer 6.0.2800.1106

Published Jul 27, 2004

Tracked Since Feb 18, 2026