Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1688Privilege Context Switching Error in Microsoft Internet Explorer

CWE-270Privilege Context Switching Error6 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
36.7%
top 2.84%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedDec 31
Latest updateApr 30

Description

The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-p5px-mhvg-p26g: The browser history feature in Microsoft Internet Explorer 52022-04-30

💥Exploits & PoCs

3
Exploit-DB
HP-UX 11 - Software Distributor Lang Environment Variable Local Buffer Overrun2002-12-11
Exploit-DB
HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation2002-12-11
Exploit-DB
Microsoft Internet Explorer 5.5/6.0 - History List Script Injection2002-04-15

📐Framework References

1
CWE
Privilege Context Switching Error
CVE-2002-1688 — Privilege Context Switching Error | cvebase