CVE-2002-1254
First published: Wed Nov 27 2002(Updated: )
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Explorer | =6.0-sp1 | |
| Internet Explorer | =5.5-sp2 | |
| Internet Explorer | =5.5 | |
| Internet Explorer | =5.5-sp1 | |
| Internet Explorer | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/6028
- http://security.greymagic.com/adv/gm012-ie/
- http://www.ciac.org/ciac/bulletins/n-018.shtml
- http://www.iss.net/security_center/static/10435.php
- http://www.iss.net/security_center/static/10436.php
- http://www.iss.net/security_center/static/10437.php
- http://www.iss.net/security_center/static/10438.php
- http://www.iss.net/security_center/static/10439.php
- http://marc.info/?l=bugtraq&m=103530131201191&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10432
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A408
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A388
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
Frequently Asked Questions
What is the severity of CVE-2002-1254?
CVE-2002-1254 is considered a high-severity vulnerability due to its potential to bypass cross-domain security and allow unauthorized access to sensitive information.
How do I fix CVE-2002-1254?
To fix CVE-2002-1254, it is recommended to upgrade to a more recent and secure version of Internet Explorer or apply any available patches.
What versions of Internet Explorer are affected by CVE-2002-1254?
CVE-2002-1254 affects Internet Explorer versions 5.5 and 6.0, specifically with certain service packs.
What types of attacks are possible due to CVE-2002-1254?
CVE-2002-1254 allows remote attackers to access local system information or execute code through cached methods and objects.
Is CVE-2002-1254 a client-side vulnerability?
Yes, CVE-2002-1254 is a client-side vulnerability as it exploits flaws in the Internet Explorer browser's handling of cross-domain security.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/remedy
- agent/author
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft internet explorer
- version/microsoft internet explorer/6.0-sp1
- canonical/internet explorer
- version/internet explorer/5.5-sp2
- version/internet explorer/5.5
- version/internet explorer/5.5-sp1
- version/internet explorer/6.0