CVE-2003-1026
First published: Thu Jan 08 2004(Updated: )
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Explorer | =6.0-sp1 | |
| Internet Explorer | =5.0 | |
| Internet Explorer | =5.0.1 | |
| Internet Explorer | =5.0.1-sp1 | |
| Internet Explorer | =5.0.1-sp2 | |
| Internet Explorer | =5.0.1-sp3 | |
| Internet Explorer | =5.5 | |
| Internet Explorer | =5.5-sp1 | |
| Internet Explorer | =5.5-sp2 | |
| Internet Explorer | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/784102
- http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu
- http://www.us-cert.gov/cas/techalerts/TA04-033A.html
- http://marc.info/?l=bugtraq&m=107038202225587&w=2
- http://marc.info/?l=bugtraq&m=106979349517578&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13846
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004
Frequently Asked Questions
What is the severity of CVE-2003-1026?
CVE-2003-1026 is considered a high severity vulnerability due to its potential for exploiting zone restrictions in Internet Explorer.
How do I fix CVE-2003-1026?
To fix CVE-2003-1026, users should upgrade to the latest version of Internet Explorer or apply the necessary security patches provided by Microsoft.
Which versions of Internet Explorer are affected by CVE-2003-1026?
CVE-2003-1026 affects Internet Explorer versions 5.0, 5.0.1, 5.5, and 6.0, including their respective service packs.
What type of attack is possible with CVE-2003-1026?
CVE-2003-1026 allows attackers to bypass security zone restrictions, potentially leading to unauthorized actions in the browser's context.
Is CVE-2003-1026 still a threat today?
While CVE-2003-1026 primarily affects older versions of Internet Explorer, users still operating these versions may face risks if not mitigated properly.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- canonical/microsoft internet explorer
- version/microsoft internet explorer/6.0-sp1
- canonical/internet explorer
- version/internet explorer/5.0
- version/internet explorer/5.0.1
- version/internet explorer/5.0.1-sp1
- version/internet explorer/5.0.1-sp2
- version/internet explorer/5.0.1-sp3
- version/internet explorer/5.5
- version/internet explorer/5.5-sp1
- version/internet explorer/5.5-sp2
- version/internet explorer/6.0