Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1254Microsoft Internet Explorer vulnerability

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
66.2%
top 1.47%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedDec 11
Latest updateApr 30

Description

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDmicrosoft/ie6.0

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-xw9c-r5pv-7f67: Internet Explorer 52022-04-30
CVEList
CVE-2002-1254: Internet Explorer 52002-11-27

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5/6 - Cached Objects Zone Bypass2002-10-22
CVE-2002-1254 — Microsoft vulnerability | cvebase