PT-2004-1204 · Microsoft · Internet Explorer

Andreas Sandblad · Published 2004-01-08 · Updated 2021-07-23 · CVE-2003-1026

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Internet Explorer versions 5.01 through 6 SP1

Description

The issue allows remote attackers to bypass zone restrictions. This is achieved via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back() function is called.

Recommendations

For Internet Explorer versions 5.01 through 6 SP1, consider disabling JavaScript execution in sub-frames as a temporary workaround until a patch is available. Restrict access to sensitive zones to minimize the risk of exploitation.


Related Identifiers

CVE-2003-1026

Affected Products

Internet Explorer