Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2003-0816
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-03 Feb, 2004 | 05:00
Updated At-03 Apr, 2025 | 01:03

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Microsoft Corporation
microsoft
>>ie>>6.0
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.0.1
cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.0.1
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.0.1
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.0.1
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.5
cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.5
cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.5
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>6.0
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://marc.info/?l=bugtraq&m=106321638416884&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=106321693517858&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=106321781819727&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=106321882821788&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=106322063729496&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=106322240132721&w=2cve@mitre.org
N/A
http://secunia.com/advisories/10192cve@mitre.org
N/A
http://securitytracker.com/id?1007687cve@mitre.org
N/A
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.htmlcve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/652452cve@mitre.org
Patch
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/771604cve@mitre.org
US Government Resource
http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htmcve@mitre.org
N/A
http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTMcve@mitre.org
N/A
http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htmcve@mitre.org
N/A
http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTMcve@mitre.org
N/A
http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTMcve@mitre.org
N/A
http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTMcve@mitre.org
N/A
http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTMcve@mitre.org
N/A
http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTMcve@mitre.org
N/A
http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTMcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/336937cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/337086cve@mitre.org
N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=106321638416884&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=106321693517858&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=106321781819727&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=106321882821788&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=106322063729496&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=106322240132721&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10192af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1007687af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/652452af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/771604af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htmaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTMaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htmaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTMaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTMaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTMaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTMaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTMaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTMaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/336937af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/337086af854a3a-2127-422b-91ae-364da2661108
N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://marc.info/?l=bugtraq&m=106321638416884&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=106321693517858&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=106321781819727&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=106321882821788&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=106322063729496&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=106322240132721&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10192
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1007687
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/652452
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/771604
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/336937
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/337086
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=106321638416884&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=106321693517858&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=106321781819727&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=106321882821788&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=106322063729496&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=106322240132721&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10192
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1007687
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/652452
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/771604
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/336937
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/337086
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found