CVE-2003-0815
First published: Wed Jan 14 2004(Updated: )
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Explorer | =6.0-sp1 | |
| Internet Explorer | =5.0.1 | |
| Internet Explorer | =5.0.1-sp1 | |
| Internet Explorer | =5.0.1-sp2 | |
| Internet Explorer | =5.0.1-sp3 | |
| Internet Explorer | =5.5 | |
| Internet Explorer | =5.5-sp1 | |
| Internet Explorer | =5.5-sp2 | |
| Internet Explorer | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/9014
- http://www.securityfocus.com/archive/1/337086
- http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM
- http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM
- http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html
- http://www.ciac.org/ciac/bulletins/o-021.shtml
- http://www.osvdb.org/7888
- http://www.osvdb.org/7889
- http://securitytracker.com/id?1007687
- http://secunia.com/advisories/10192
- http://marc.info/?l=bugtraq&m=106322542104656&w=2
- http://marc.info/?l=bugtraq&m=106321757619047&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13676
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
Frequently Asked Questions
What is the severity of CVE-2003-0815?
CVE-2003-0815 is rated as having a critical severity due to the potential for remote file access and data exposure.
How do I fix CVE-2003-0815?
To mitigate CVE-2003-0815, it is recommended to update Internet Explorer to the latest version available that has patched this vulnerability.
What systems are affected by CVE-2003-0815?
CVE-2003-0815 affects multiple versions of Microsoft Internet Explorer, specifically versions from 5.0.1 to 6.0 SP1.
What are the potential impacts of CVE-2003-0815?
The potential impacts of CVE-2003-0815 include arbitrary file reading, which can lead to unauthorized access to sensitive information.
Can CVE-2003-0815 be exploited remotely?
Yes, CVE-2003-0815 can be exploited remotely by attackers to bypass security zones and access files on the victim's system.
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- canonical/microsoft internet explorer
- version/microsoft internet explorer/6.0-sp1
- canonical/internet explorer
- version/internet explorer/5.0.1
- version/internet explorer/5.0.1-sp1
- version/internet explorer/5.0.1-sp2
- version/internet explorer/5.0.1-sp3
- version/internet explorer/5.5
- version/internet explorer/5.5-sp1
- version/internet explorer/5.5-sp2
- version/internet explorer/6.0