Vulnerability Description
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 5.5 |
References
- http://www.osvdb.org/3031
- http://www.securityfocus.com/archive/1/246522Vendor Advisory
- http://www.securityfocus.com/bid/3721ExploitPatchVendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-00
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://www.osvdb.org/3031
- http://www.securityfocus.com/archive/1/246522Vendor Advisory
- http://www.securityfocus.com/bid/3721ExploitPatchVendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-00
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2002-0027?
CVE-2002-0027 is a vulnerability with a CVSS score of 7.5 (HIGH). Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from differe...
How severe is CVE-2002-0027?
CVE-2002-0027 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0027?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer.