First published: Fri Oct 13 2000(Updated: )
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Internet Explorer | =5.0 | |
Microsoft Internet Explorer | =4.0 | |
Microsoft Internet Explorer | =5.0 | |
Microsoft Internet Explorer | =5.0 | |
Microsoft Internet Explorer | =4.0 | |
Microsoft Internet Explorer | =5.0 | |
Internet Explorer | =5.01 | |
Internet Explorer | =4.0 | |
Internet Explorer | =5.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2000-0768 is considered a critical vulnerability as it allows remote attackers to access client files.
To fix CVE-2000-0768, users should upgrade to a later version of Internet Explorer that addresses this vulnerability.
CVE-2000-0768 affects Internet Explorer versions 4.x and 5.x.
CVE-2000-0768 is associated with cross-site scripting attacks due to improper domain verification.
Yes, CVE-2000-0768 can be exploited remotely without requiring direct access to the affected system.