1. Home
  2. CVE Database
  3. CVE-2003-0815
HIGH · 7.5

CVE-2003-0815

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using...

Vulnerability Description

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
MicrosoftIe6.0
MicrosoftInternet Explorer5.0.1

References

FAQ

What is CVE-2003-0815?

CVE-2003-0815 is a vulnerability with a CVSS score of 7.5 (HIGH). Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using...

How severe is CVE-2003-0815?

CVE-2003-0815 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-0815?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Ie, Microsoft Internet Explorer.