Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1026Microsoft Internet Explorer vulnerability

CWE-2644 documents4 sources
Severity
9.3CRITICALNVD
EPSS
55.8%
top 1.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedJan 20
Latest updateApr 29

Description

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/internet_explorer4 versions+3
NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-vh66-78r7-g63j: Internet Explorer 52022-04-29
CVEList
CVE-2003-1026: Internet Explorer 52004-01-08

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer - URL Injection in History List (MS04-004)2004-02-04
CVE-2003-1026 — Microsoft vulnerability | cvebase