PT-2004-1163 · Microsoft · Internet Explorer
Liu Die Yu
·
Published
2004-01-14
·
Updated
2021-07-23
·
CVE-2003-0814
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Internet Explorer versions 6 SP1 and earlier
Description
The issue allows remote attackers to bypass zone restrictions and execute Javascript. This is achieved by setting the window's
href to the malicious Javascript, then calling execCommand("Refresh") to refresh the page.Recommendations
For Internet Explorer versions 6 SP1 and earlier, consider disabling the use of
execCommand("Refresh") until a patch is available. Restrict access to potentially malicious Javascript sources to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Internet Explorer