CVE - CVE-2001-0332

CVE-ID
CVE-2001-0332	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20010330 Security bug in Internet Explorer - MSScriptControl.ScriptControl URL:http://marc.info/?l=bugtraq&m=98609031517525&w=2 MS:MS01-027 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027
Assigning CNA
MITRE Corporation
Date Record Created
20010510	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20010524)
Votes (Legacy)
ACCEPT(4) Baker, Cole, Wall, Ziese MODIFY(1) Frech NOOP(1) Renaud RECAST(1) Williams REJECT(1) Magdych REVIEWING(1) Christey
Comments (Legacy)
Magdych> Duplicate of CVE-0246 Christey> While it may look like CVE-2001-0332 is a duplicate of CVE-2001-0246, Microsoft specifically identifies two separate variants of the same problem in its advisory, namely 0332 and 0246. However, CD:SF-LOC currently suggests merging problems of the same type that appear and are fixed in the same software versions, and thus these 2 candidates might in fact be duplicates - relative to CD:SF-LOC. Microsoft needs to be consulted on this. Williams> merge with CVE-0246 Frech> XF:ie-frame-verification-read-files(6086) XF:ie-frame-verification-variant(6748) CVE-2001-0092 is also assigned to the ie-frame-verification-files(6086), but shouldn't be considered a duplicate.
Proposed (Legacy)
20010524
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)