• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20010510 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20010524)
Votes (Legacy)
ACCEPT(4) Baker, Cole, Wall, Ziese
MODIFY(1) Frech
NOOP(1) Renaud
RECAST(1) Williams
REJECT(1) Magdych
REVIEWING(1) Christey
Comments (Legacy)
 Magdych> Duplicate of CVE-0246
 Christey> While it may look like CVE-2001-0332 is a duplicate of
   CVE-2001-0246, Microsoft specifically identifies two separate
   variants of the same problem in its advisory, namely 0332 and
   0246.  However, CD:SF-LOC currently suggests merging problems
   of the same type that appear and are fixed in the same
   software versions, and thus these 2 candidates *might*
   in fact be duplicates - relative to CD:SF-LOC.  Microsoft
   needs to be consulted on this.
 Williams> merge with CVE-0246
 Frech> XF:ie-frame-verification-read-files(6086)
   CVE-2001-0092 is also assigned to the
   ie-frame-verification-files(6086), but shouldn't be considered a

Proposed (Legacy)
This is an entry on the CVE list, which standardizes names for security problems.