CVE-ID

CVE-2002-0189

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20020420 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20061101)
Votes (Legacy)
ACCEPT(5) Armstrong, Baker, Cole, Foat, Wall
MODIFY(1) Frech
NOOP(1) Cox
REVIEWING(1) Christey
Comments (Legacy)
 Christey> NOTE: As of 5/20/2002, there is a lack of clarity regarding
   the details of this vulnerability and other vulnerabilities
   being reported by GreyMagic and Thor Larholm.  Additional
   details will be added to this candidate if/when they become
   available.  This candidate is solely for the issue that is
   being addressed by Microsoft in MS:MS02-023.  Its relationship
   with other reported issues is currently unproven.
   
   This candidate is subject to CD:VAGUE.
 Christey> XF:ie-dialog-window-css(8868)
   URL:http://www.iss.net/security_center/static/8868.php
 Frech> XF:ie-dialog-window-css(8868)
 Baker> I agree some of the information appears vague, but seems to be legitimate.

Proposed (Legacy)
20020611
This is an entry on the CVE list, which standardizes names for security problems.