Vulnerability Description
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | IE | 6.0 |
| Microsoft | Internet Explorer | 5.0 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=106979349517578&w=2
- http://marc.info/?l=bugtraq&m=107038202225587&w=2
- http://www.kb.cert.org/vuls/id/784102 (Third Party Advisory, US Government Resource)
- http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu
- http://www.us-cert.gov/cas/techalerts/TA04-033A.html (US Government Resource)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13846
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2003-1026?
CVE-2003-1026 is a vulnerability with a CVSS score of 9.3 (HIGH). Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window...
How severe is CVE-2003-1026?
CVE-2003-1026 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-1026?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft IE, Microsoft Internet Explorer.