CVE - CVE-2003-1026

CVE-ID
CVE-2003-1026	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20031125 BackToFramedJpu - a successor of BackToJpu attack URL:http://marc.info/?l=bugtraq&m=106979349517578&w=2 BUGTRAQ:20031201 Comments on 5 IE vulnerabilities URL:http://marc.info/?l=bugtraq&m=107038202225587&w=2 CERT:TA04-033A URL:http://www.us-cert.gov/cas/techalerts/TA04-033A.html CERT-VN:VU#784102 URL:http://www.kb.cert.org/vuls/id/784102 MISC:http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu MS:MS04-004 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 OVAL:oval:org.mitre.oval:def:630 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630 OVAL:oval:org.mitre.oval:def:643 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643 OVAL:oval:org.mitre.oval:def:687 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687 OVAL:oval:org.mitre.oval:def:689 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689 OVAL:oval:org.mitre.oval:def:745 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745 OVAL:oval:org.mitre.oval:def:774 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774 OVAL:oval:org.mitre.oval:def:805 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805 XF:ie-subframe-xss(13846) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/13846
Assigning CNA
MITRE Corporation
Date Record Created
20040107	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20040107)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)