Back to search
CVE-2003-0815
Published: Jan 14, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
O-021
third-party-advisory
government-resource
x_refsource_CIAC
20030910 MSIE->LinkillerJPU:another caller-based authorization(is broken).
mailing-list
x_refsource_BUGTRAQ
20030910 MSIE->LinkillerSaveRef:another caller-based authorization
mailing-list
x_refsource_BUGTRAQ
oval:org.mitre.oval:def:351
vdb-entry
signature
x_refsource_OVAL
ie-pointer-zone-bypass(13676)
vdb-entry
x_refsource_XF
oval:org.mitre.oval:def:472
vdb-entry
signature
x_refsource_OVAL
7889
vdb-entry
x_refsource_OSVDB
MS03-048
vendor-advisory
x_refsource_MS
1007687
vdb-entry
x_refsource_SECTRACK
20030911 LiuDieYu's missing files are here.
mailing-list
x_refsource_BUGTRAQ
oval:org.mitre.oval:def:353
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:359
vdb-entry
signature
x_refsource_OVAL
20030910 MSIE->Findeath: break caller-based authorization
mailing-list
x_refsource_BUGTRAQ
oval:org.mitre.oval:def:356
vdb-entry
signature
x_refsource_OVAL
9014
vdb-entry
x_refsource_BID
oval:org.mitre.oval:def:357
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:352
vdb-entry
signature
x_refsource_OVAL
7888
vdb-entry
x_refsource_OSVDB
10192
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now