cvelistv5 - CVE-2003-0816

CVE-2003-0816 (GCVE-0-2003-0816)

Vulnerability from cvelistv5

Published

2004-01-14 05:00

Modified

2024-08-08 02:05

Severity ?

CWE

Summary

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.

References

►

URL

Tags

cve@mitre.org	http://marc.info/?l=bugtraq&m=106321638416884&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=106321693517858&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=106321781819727&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=106321882821788&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=106322063729496&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=106322240132721&w=2
cve@mitre.org	http://secunia.com/advisories/10192
cve@mitre.org	http://securitytracker.com/id?1007687
cve@mitre.org	http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html
cve@mitre.org	http://www.kb.cert.org/vuls/id/652452	Patch, Third Party Advisory, US Government Resource
cve@mitre.org	http://www.kb.cert.org/vuls/id/771604	US Government Resource
cve@mitre.org	http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm
cve@mitre.org	http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM
cve@mitre.org	http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm
cve@mitre.org	http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM
cve@mitre.org	http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM
cve@mitre.org	http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM
cve@mitre.org	http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM
cve@mitre.org	http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM
cve@mitre.org	http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM
cve@mitre.org	http://www.securityfocus.com/archive/1/336937
cve@mitre.org	http://www.securityfocus.com/archive/1/337086
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106321638416884&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106321693517858&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106321781819727&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106321882821788&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106322063729496&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106322240132721&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/10192
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1007687
af854a3a-2127-422b-91ae-364da2661108	http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/652452	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/771604	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/336937
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/337086
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:05:12.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030910 MSIE-\u003eWsFakeSrc",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2"
          },
          {
            "name": "20030910 MSIE-\u003eWsOpenJpuInHistory",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html"
          },
          {
            "name": "oval:org.mitre.oval:def:362",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362"
          },
          {
            "name": "oval:org.mitre.oval:def:361",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361"
          },
          {
            "name": "oval:org.mitre.oval:def:416",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416"
          },
          {
            "name": "20030910 MSIE-\u003eWsBASEjpu",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM"
          },
          {
            "name": "20030910 MSIE-\u003eNAFjpuInHistory",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2"
          },
          {
            "name": "VU#771604",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/771604"
          },
          {
            "name": "20030910 MSIE-\u003eBackMyParent2:Multi-Thread version",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2"
          },
          {
            "name": "MS03-048",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
          },
          {
            "name": "1007687",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1007687"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm"
          },
          {
            "name": "oval:org.mitre.oval:def:409",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409"
          },
          {
            "name": "oval:org.mitre.oval:def:479",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479"
          },
          {
            "name": "20030911 LiuDieYu\u0027s missing files are here.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/337086"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm"
          },
          {
            "name": "oval:org.mitre.oval:def:459",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459"
          },
          {
            "name": "20030910 MSIE-\u003eNAFfileJPU",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/336937"
          },
          {
            "name": "20030910 MSIE-\u003eWsOpenFileJPU",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2"
          },
          {
            "name": "20030910 MSIE-\u003eRefBack",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM"
          },
          {
            "name": "oval:org.mitre.oval:def:363",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM"
          },
          {
            "name": "10192",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/10192"
          },
          {
            "name": "VU#652452",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/652452"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030910 MSIE-\u003eWsFakeSrc",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2"
        },
        {
          "name": "20030910 MSIE-\u003eWsOpenJpuInHistory",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html"
        },
        {
          "name": "oval:org.mitre.oval:def:362",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362"
        },
        {
          "name": "oval:org.mitre.oval:def:361",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361"
        },
        {
          "name": "oval:org.mitre.oval:def:416",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416"
        },
        {
          "name": "20030910 MSIE-\u003eWsBASEjpu",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM"
        },
        {
          "name": "20030910 MSIE-\u003eNAFjpuInHistory",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2"
        },
        {
          "name": "VU#771604",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/771604"
        },
        {
          "name": "20030910 MSIE-\u003eBackMyParent2:Multi-Thread version",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2"
        },
        {
          "name": "MS03-048",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
        },
        {
          "name": "1007687",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1007687"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm"
        },
        {
          "name": "oval:org.mitre.oval:def:409",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409"
        },
        {
          "name": "oval:org.mitre.oval:def:479",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479"
        },
        {
          "name": "20030911 LiuDieYu\u0027s missing files are here.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/337086"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm"
        },
        {
          "name": "oval:org.mitre.oval:def:459",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459"
        },
        {
          "name": "20030910 MSIE-\u003eNAFfileJPU",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/336937"
        },
        {
          "name": "20030910 MSIE-\u003eWsOpenFileJPU",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2"
        },
        {
          "name": "20030910 MSIE-\u003eRefBack",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM"
        },
        {
          "name": "oval:org.mitre.oval:def:363",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM"
        },
        {
          "name": "10192",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/10192"
        },
        {
          "name": "VU#652452",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/652452"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0816",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030910 MSIE-\u003eWsFakeSrc",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2"
            },
            {
              "name": "20030910 MSIE-\u003eWsOpenJpuInHistory",
              "refsource": "BUGTRAQ",
              "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html"
            },
            {
              "name": "oval:org.mitre.oval:def:362",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362"
            },
            {
              "name": "oval:org.mitre.oval:def:361",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361"
            },
            {
              "name": "oval:org.mitre.oval:def:416",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416"
            },
            {
              "name": "20030910 MSIE-\u003eWsBASEjpu",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2"
            },
            {
              "name": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM",
              "refsource": "MISC",
              "url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM"
            },
            {
              "name": "20030910 MSIE-\u003eNAFjpuInHistory",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2"
            },
            {
              "name": "VU#771604",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/771604"
            },
            {
              "name": "20030910 MSIE-\u003eBackMyParent2:Multi-Thread version",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2"
            },
            {
              "name": "MS03-048",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
            },
            {
              "name": "1007687",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1007687"
            },
            {
              "name": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM",
              "refsource": "MISC",
              "url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM"
            },
            {
              "name": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm",
              "refsource": "MISC",
              "url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:409",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409"
            },
            {
              "name": "oval:org.mitre.oval:def:479",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479"
            },
            {
              "name": "20030911 LiuDieYu\u0027s missing files are here.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/337086"
            },
            {
              "name": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm",
              "refsource": "MISC",
              "url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:459",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459"
            },
            {
              "name": "20030910 MSIE-\u003eNAFfileJPU",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/336937"
            },
            {
              "name": "20030910 MSIE-\u003eWsOpenFileJPU",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2"
            },
            {
              "name": "20030910 MSIE-\u003eRefBack",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2"
            },
            {
              "name": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM",
              "refsource": "MISC",
              "url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM"
            },
            {
              "name": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM",
              "refsource": "MISC",
              "url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM"
            },
            {
              "name": "oval:org.mitre.oval:def:363",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363"
            },
            {
              "name": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM",
              "refsource": "MISC",
              "url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM"
            },
            {
              "name": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM",
              "refsource": "MISC",
              "url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM"
            },
            {
              "name": "10192",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/10192"
            },
            {
              "name": "VU#652452",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/652452"
            },
            {
              "name": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM",
              "refsource": "MISC",
              "url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0816",
    "datePublished": "2004-01-14T05:00:00",
    "dateReserved": "2003-09-18T00:00:00",
    "dateUpdated": "2024-08-08T02:05:12.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2003-0816\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-02-03T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \\\"Script URLs Cross Domain\\\" vulnerability.\"},{\"lang\":\"es\",\"value\":\"Internet Explorer 6 SP1 y anteriores permite que atacantes remotos se salten restricciones de seguridad mediante: (1) uso del m\u00e9todo NavigateAndFind  para descargar un fichero, (2) uso del m\u00e9todo window.open  para cargar un fichero, (3) fijando la propriedad href en el tag base para la ventana _search, (4) cargando la venta de b\u00fasqueda en un Iframe, (5) capturando una URL de javascript en el hist\u00f3rico del navegador.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A04FEA6-37B0-44B0-844F-55652ABA1F85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D56FB8E-2553-47C1-82A2-9E59023780CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8541EEED-94F4-42F8-9719-57F3EC85D52B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"40372520-08CF-4F64-A7AC-7E0AE0964138\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40F8042F-C621-45AE-9F8C-70469579643A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D05ED9D0-CF78-4FAD-9371-6FB3D5825148\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A19F6133-25D1-44A5-B6B9-354703436783\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/10192\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1007687\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/652452\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/771604\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/336937\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/337086\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/10192\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1007687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/652452\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/771604\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/336937\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/337086\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-x5cr-x42r-fv8m

Vulnerability from github

Published

2022-04-29 01:27

Modified

2022-04-29 01:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2003-0816"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-02-03T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability.",
  "id": "GHSA-x5cr-x42r-fv8m",
  "modified": "2022-04-29T01:27:03Z",
  "published": "2022-04-29T01:27:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0816"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/10192"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1007687"
    },
    {
      "type": "WEB",
      "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/652452"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/771604"
    },
    {
      "type": "WEB",
      "url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM"
    },
    {
      "type": "WEB",
      "url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM"
    },
    {
      "type": "WEB",
      "url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM"
    },
    {
      "type": "WEB",
      "url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM"
    },
    {
      "type": "WEB",
      "url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM"
    },
    {
      "type": "WEB",
      "url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM"
    },
    {
      "type": "WEB",
      "url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/336937"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/337086"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2003-0816

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2003-0816

Aliases

CVE-2003-0816

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2003-0816",
    "description": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability.",
    "id": "GSD-2003-0816"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2003-0816"
      ],
      "details": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability.",
      "id": "GSD-2003-0816",
      "modified": "2023-12-13T01:22:13.679860Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2003-0816",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20030910 MSIE-\u003eWsFakeSrc",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2"
          },
          {
            "name": "20030910 MSIE-\u003eWsOpenJpuInHistory",
            "refsource": "BUGTRAQ",
            "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html"
          },
          {
            "name": "oval:org.mitre.oval:def:362",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362"
          },
          {
            "name": "oval:org.mitre.oval:def:361",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361"
          },
          {
            "name": "oval:org.mitre.oval:def:416",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416"
          },
          {
            "name": "20030910 MSIE-\u003eWsBASEjpu",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2"
          },
          {
            "name": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM",
            "refsource": "MISC",
            "url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM"
          },
          {
            "name": "20030910 MSIE-\u003eNAFjpuInHistory",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2"
          },
          {
            "name": "VU#771604",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/771604"
          },
          {
            "name": "20030910 MSIE-\u003eBackMyParent2:Multi-Thread version",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2"
          },
          {
            "name": "MS03-048",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
          },
          {
            "name": "1007687",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1007687"
          },
          {
            "name": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM",
            "refsource": "MISC",
            "url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM"
          },
          {
            "name": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm",
            "refsource": "MISC",
            "url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm"
          },
          {
            "name": "oval:org.mitre.oval:def:409",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409"
          },
          {
            "name": "oval:org.mitre.oval:def:479",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479"
          },
          {
            "name": "20030911 LiuDieYu\u0027s missing files are here.",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/337086"
          },
          {
            "name": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm",
            "refsource": "MISC",
            "url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm"
          },
          {
            "name": "oval:org.mitre.oval:def:459",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459"
          },
          {
            "name": "20030910 MSIE-\u003eNAFfileJPU",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/336937"
          },
          {
            "name": "20030910 MSIE-\u003eWsOpenFileJPU",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2"
          },
          {
            "name": "20030910 MSIE-\u003eRefBack",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2"
          },
          {
            "name": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM",
            "refsource": "MISC",
            "url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM"
          },
          {
            "name": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM",
            "refsource": "MISC",
            "url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM"
          },
          {
            "name": "oval:org.mitre.oval:def:363",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363"
          },
          {
            "name": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM",
            "refsource": "MISC",
            "url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM"
          },
          {
            "name": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM",
            "refsource": "MISC",
            "url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM"
          },
          {
            "name": "10192",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/10192"
          },
          {
            "name": "VU#652452",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/652452"
          },
          {
            "name": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM",
            "refsource": "MISC",
            "url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0816"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#652452",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/652452"
            },
            {
              "name": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm"
            },
            {
              "name": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM"
            },
            {
              "name": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM"
            },
            {
              "name": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM"
            },
            {
              "name": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM"
            },
            {
              "name": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM"
            },
            {
              "name": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM"
            },
            {
              "name": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm"
            },
            {
              "name": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM"
            },
            {
              "name": "20030911 LiuDieYu\u0027s missing files are here.",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/337086"
            },
            {
              "name": "VU#771604",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/771604"
            },
            {
              "name": "20030910 MSIE-\u003eNAFfileJPU",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/336937"
            },
            {
              "name": "20030910 MSIE-\u003eWsOpenJpuInHistory",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html"
            },
            {
              "name": "1007687",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1007687"
            },
            {
              "name": "10192",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/10192"
            },
            {
              "name": "20030910 MSIE-\u003eWsOpenFileJPU",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2"
            },
            {
              "name": "20030910 MSIE-\u003eBackMyParent2:Multi-Thread version",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2"
            },
            {
              "name": "20030910 MSIE-\u003eWsBASEjpu",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2"
            },
            {
              "name": "20030910 MSIE-\u003eWsFakeSrc",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2"
            },
            {
              "name": "20030910 MSIE-\u003eRefBack",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2"
            },
            {
              "name": "20030910 MSIE-\u003eNAFjpuInHistory",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:479",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479"
            },
            {
              "name": "oval:org.mitre.oval:def:459",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459"
            },
            {
              "name": "oval:org.mitre.oval:def:416",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416"
            },
            {
              "name": "oval:org.mitre.oval:def:409",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409"
            },
            {
              "name": "oval:org.mitre.oval:def:363",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363"
            },
            {
              "name": "oval:org.mitre.oval:def:362",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362"
            },
            {
              "name": "oval:org.mitre.oval:def:361",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361"
            },
            {
              "name": "MS03-048",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-07-23T12:55Z",
      "publishedDate": "2004-02-03T05:00Z"
    }
  }
}

fkie_cve-2003-0816

Vulnerability from fkie_nvd

Published

2004-02-03 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=106321638416884&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=106321693517858&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=106321781819727&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=106321882821788&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=106322063729496&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=106322240132721&w=2
cve@mitre.org	http://secunia.com/advisories/10192
cve@mitre.org	http://securitytracker.com/id?1007687
cve@mitre.org	http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html
cve@mitre.org	http://www.kb.cert.org/vuls/id/652452	Patch, Third Party Advisory, US Government Resource
cve@mitre.org	http://www.kb.cert.org/vuls/id/771604	US Government Resource
cve@mitre.org	http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm
cve@mitre.org	http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM
cve@mitre.org	http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm
cve@mitre.org	http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM
cve@mitre.org	http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM
cve@mitre.org	http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM
cve@mitre.org	http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM
cve@mitre.org	http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM
cve@mitre.org	http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM
cve@mitre.org	http://www.securityfocus.com/archive/1/336937
cve@mitre.org	http://www.securityfocus.com/archive/1/337086
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106321638416884&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106321693517858&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106321781819727&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106321882821788&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106322063729496&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106322240132721&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/10192
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1007687
af854a3a-2127-422b-91ae-364da2661108	http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/652452	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/771604	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM
af854a3a-2127-422b-91ae-364da2661108	http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/336937
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/337086
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479

Impacted products

Vendor	Product	Version
microsoft	ie	6.0
microsoft	internet_explorer	5.0.1
microsoft	internet_explorer	5.0.1
microsoft	internet_explorer	5.0.1
microsoft	internet_explorer	5.0.1
microsoft	internet_explorer	5.5
microsoft	internet_explorer	5.5
microsoft	internet_explorer	5.5
microsoft	internet_explorer	6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability."
    },
    {
      "lang": "es",
      "value": "Internet Explorer 6 SP1 y anteriores permite que atacantes remotos se salten restricciones de seguridad mediante: (1) uso del m\u00e9todo NavigateAndFind  para descargar un fichero, (2) uso del m\u00e9todo window.open  para cargar un fichero, (3) fijando la propriedad href en el tag base para la ventana _search, (4) cargando la venta de b\u00fasqueda en un Iframe, (5) capturando una URL de javascript en el hist\u00f3rico del navegador."
    }
  ],
  "id": "CVE-2003-0816",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-02-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/10192"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1007687"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/652452"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/771604"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/336937"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/337086"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=106321638416884\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=106321693517858\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=106321781819727\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=106321882821788\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=106322063729496\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=106322240132721\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/10192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1007687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/652452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/771604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/336937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/337086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2003-0816 (GCVE-0-2003-0816)

Vulnerability from cvelistv5

ghsa-x5cr-x42r-fv8m

Vulnerability from github

gsd-2003-0816

Vulnerability from gsd

fkie_cve-2003-0816

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature