First published: Tue Dec 31 2002(Updated: )
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Internet Explorer | =5.5-sp2 | |
Internet Explorer | =5.5 | |
Internet Explorer | =5.5-sp1 | |
Internet Explorer | =6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2002-1688 is considered a high severity vulnerability due to the potential for remote script execution and the theft of sensitive authentication information.
To mitigate CVE-2002-1688, users should upgrade to a more secure version of Internet Explorer or apply the latest security patches provided by Microsoft.
CVE-2002-1688 affects Microsoft Internet Explorer versions 5.5 and 6.0, including Service Pack 1 and 2.
CVE-2002-1688 is associated with cross-site scripting attacks, where attackers can execute malicious scripts through specially crafted URLs.
Yes, CVE-2002-1688 can be exploited remotely, allowing attackers to manipulate users' browsers and steal cookies or session tokens.