CVE

Id
4581  
CVE No.
CVE-2002-0189  
Status
Candidate  
Description
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.  
Phase
Modified (20061101)  
Votes
ACCEPT(5) Armstrong, Baker, Cole, Foat, Wall | MODIFY(1) Frech | NOOP(1) Cox | REVIEWING(1) Christey  
Comments
Christey> NOTE: As of 5/20/2002, there is a lack of clarity regarding | the details of this vulnerability and other vulnerabilities | being reported by GreyMagic and Thor Larholm. Additional | details will be added to this candidate if/when they become | available. This candidate is solely for the issue that is | being addressed by Microsoft in MS:MS02-023. Its relationship | with other reported issues is currently unproven. | | This candidate is subject to CD:VAGUE. | Christey> XF:ie-dialog-window-css(8868) | URL:http://www.iss.net/security_center/static/8868.php | Frech> XF:ie-dialog-window-css(8868) | Baker> I agree some of the information appears vague, but seems to be legitimate.  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
22892 4581 CVE-2002-0189 MS:MS02-023  View
22893 4581 CVE-2002-0189 URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp  View
22894 4581 CVE-2002-0189 OVAL:oval:org.mitre.oval:def:19  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63764 JVNDB-2002-000091 Microsoft Internet Explorer の ダイアログにおける不適切なポリシー適用の脆弱性 Microsoft Internet Explorer の dialogArguments プロパティの実装に不備があり、他のページへリダイレクトするように記述されている場合、リダイレクト先のページのチェックを確認しないため、マシン上で任意のコマンドを実行可能である脆弱性が存在します。 CVE-2002-0189 4581 7.5 http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000091.html  View