CVE-2003-0814
First published: Wed Jan 14 2004(Updated: )
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Explorer | =6.0-sp1 | |
| Internet Explorer | =5.5-sp2 | |
| Internet Explorer | =5.0.1 | |
| Internet Explorer | =5.0.1-sp2 | |
| Internet Explorer | =5.0.1-sp3 | |
| Internet Explorer | =5.0.1-sp1 | |
| Internet Explorer | =5.5 | |
| Internet Explorer | =5.5-sp1 | |
| Internet Explorer | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/326412
- http://www.securityfocus.com/archive/1/337086
- http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html
- http://securitytracker.com/id?1007687
- http://secunia.com/advisories/10192
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
Frequently Asked Questions
What is the severity of CVE-2003-0814?
CVE-2003-0814 is considered a high severity vulnerability due to its ability to bypass security restrictions and execute arbitrary scripts.
How can I fix CVE-2003-0814?
To fix CVE-2003-0814, it is recommended to upgrade to a newer version of Internet Explorer that is not affected by this vulnerability.
Which versions of Internet Explorer are affected by CVE-2003-0814?
CVE-2003-0814 affects Internet Explorer versions 5.0.1 SP1 and later, up to 6.0 SP1.
What types of attacks can exploit CVE-2003-0814?
CVE-2003-0814 can be exploited by remote attackers to execute malicious JavaScript code through cross-domain script execution.
Is there a workaround for CVE-2003-0814?
A potential workaround for CVE-2003-0814 is to disable JavaScript execution in the affected Internet Explorer versions.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft internet explorer
- version/microsoft internet explorer/6.0-sp1
- canonical/internet explorer
- version/internet explorer/5.5-sp2
- version/internet explorer/5.0.1
- version/internet explorer/5.0.1-sp2
- version/internet explorer/5.0.1-sp3
- version/internet explorer/5.0.1-sp1
- version/internet explorer/5.5
- version/internet explorer/5.5-sp1
- version/internet explorer/6.0