CVE-2002-1217
Published 2002-10-28
Priority P3 37, high, 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 47.07% (98.7th percentile)
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses `<frame>` and `<iframe>` domain restrictions.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCs (extracted from sources)
- Detect cross-frame DOM access attempts using the capitalized 'Document' property (as opposed to lowercase 'document') on iframe/frame elements, which bypasses MSIE's same-origin policy checks.
- Monitor for script accessing the '.Document.cookie' property on iframe/frame element references (e.g., getElementById(...).Document.cookie), indicative of cross-domain cookie theft via the WebBrowser control.
- Flag exploitation attempts targeting Internet Explorer 5.5 and 6.0 WebBrowser control where script accesses the 'Document' property of a cross-domain frame to read files, cookies, or execute code.
- The vulnerability specifically affects Internet Explorer 5.5 and 6.0; the capitalized 'Document' property bypass does not apply to other browsers or later IE versions with corrected access controls.
- A setTimeout delay (100ms) is used in the exploit to avoid triggering anomalous behavior in certain conditions, meaning detection based purely on immediate DOM access timing may miss this exploit pattern.
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0024.html
- http://marc.info/?l=bugtraq&m=103470310417576&w=2
- http://marc.info/?l=ntbugtraq&m=103470202010570&w=2
- http://security.greymagic.com/adv/gm011-ie/
- http://www.ciac.org/ciac/bulletins/n-018.shtml
- http://www.iss.net/security_center/static/10371.php
- http://www.securityfocus.com/bid/5963
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A272
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A333