Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1217 — Microsoft Internet Explorer vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

64.8%

top 1.52%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer

Timeline

PublishedOct 28

Latest updateApr 30

Description

Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses and domain restrictions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer5.5, 6.0+1

Patches

Patch: security.greymagic.com ↗Patch: security.greymagic.com ↗

🔴Vulnerability Details

GHSA

GHSA-vvg3-w575-g5c9: Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5↗2022-04-30

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 5/6 - Unauthorized Document Object Model Access↗2002-10-15

▶