First published: Wed Jan 14 2004(Updated: )
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Ie | =6.0-sp1 | |
Microsoft Internet Explorer | =5.5-sp2 | |
Microsoft Internet Explorer | =5.0.1 | |
Microsoft Internet Explorer | =5.0.1-sp2 | |
Microsoft Internet Explorer | =5.0.1-sp3 | |
Microsoft Internet Explorer | =5.0.1-sp1 | |
Microsoft Internet Explorer | =5.5 | |
Microsoft Internet Explorer | =5.5-sp1 | |
Microsoft Internet Explorer | =6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.