CVE-2003-0814

Name of the Vulnerable Software and Affected Versions Internet Explorer versions 6 SP1 and earlier

Description The issue allows remote attackers to bypass zone restrictions and execute Javascript. This is achieved by setting the window's href to the malicious Javascript, then calling execCommand("Refresh") to refresh the page.

Recommendations For Internet Explorer versions 6 SP1 and earlier, consider disabling the use of execCommand("Refresh") until a patch is available. Restrict access to potentially malicious Javascript sources to minimize the risk of exploitation.