CVE-2001-1410
published 2003-08-18CVE-2001-1410: Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow…
PriorityP426medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
50.55%
98.8th percentile
Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect use of window.createPopup() JavaScript method in web content, which is the core primitive exploited to create chromeless/borderless popup windows for UI spoofing ↗
- →Look for JavaScript using window.createPopup() combined with document.body.innerHTML assignment and window.screenLeft/screenTop positioning — characteristic pattern of the spoofing PoC ↗
- →Detect popup windows positioned using window.screenLeft and window.screenTop offsets to overlay browser chrome — used to simulate the address bar or OS UI elements ↗
- →Watch for injected HTML content inside a createPopup window that renders a fake HTTPS URL string (e.g. 'https://') styled to mimic the browser address bar using Tahoma font at 8pt — classic address bar spoofing payload ↗
- ·Exploit targets Internet Explorer 5 and 6 only; window.createPopup() is not present in modern browsers, limiting scope to legacy IE environments ↗
- ·The attack is purely social-engineering based — no code execution occurs; the threat model is UI/address-bar spoofing to deceive users into trusting a malicious page as legitimate ↗
- ·The popup re-registers itself on unload (onunload= vuln_pop), making it persistent across navigation attempts within the same browser session — detection should account for repeated popup creation ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=105820229407274&w=2http://marc.info/?l=bugtraq&m=105829174431769&w=2http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie/http://www.guninski.com/popspoof.htmlhttp://www.kb.cert.org/vuls/id/490708http://www.securityfocus.com/archive/1/221883http://www.securityfocus.com/bid/3469http://www.systemintegra.com/ie-fullscreen/https://exchange.xforce.ibmcloud.com/vulnerabilities/7313http://marc.info/?l=bugtraq&m=105820229407274&w=2http://marc.info/?l=bugtraq&m=105829174431769&w=2http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie/http://www.guninski.com/popspoof.htmlhttp://www.kb.cert.org/vuls/id/490708http://www.securityfocus.com/archive/1/221883http://www.securityfocus.com/bid/3469http://www.systemintegra.com/ie-fullscreen/https://exchange.xforce.ibmcloud.com/vulnerabilities/7313
2003-08-18
Published