CVE-2002-1187

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 5.01 through 6.0

Description: A cross-site scripting issue allows remote attackers to read and execute files on the local system via web pages using the or element and javascript. This can be achieved by utilizing resources such as PrivacyPolicy.dlg.

Recommendations: For Internet Explorer versions 5.01 through 6.0, consider disabling the use of <frame> and <iframe> elements in web pages until a fix is available. As a temporary workaround, restrict the execution of javascript in these versions to minimize the risk of exploitation.