CVE-2004-0727
published 2004-07-27


Priority: P273, high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 39.78% (98.4th percentile)

Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."

Affected

1 range
Vendor | Product | Version range | Fixed in
microsoft | internet_explorer | |

Detection & IOCs (extracted from sources)

version: Microsoft Internet Explorer 6.0.2800.1106
command: javascript:setInterval(function(){try{var tempvar=opener.location.href;}catch(e){location.assign('javascript:document.innerHTML="Microsoft Corporation0wned"');window.close();}},100)
  • Look for cross-domain/cross-zone exploitation via JavaScript method reassignment — specifically, a script assigning a method (e.g., location.assign) from one window context to another window's context, then navigating the parent window to a trusted domain (e.g., microsoft.com) to escalate zone trust.
  • Detect use of 'SimilarMethodNameRedir' pattern: JavaScript that opens a new window, copies a built-in method reference (e.g., location.assign) from one window to another, and then invokes it cross-domain to bypass zone restrictions.
  • The vulnerability affects multiple IE versions (5.01, 5.5, and 6.0.2800.1106 on XP SP2); detection rules should not be scoped to a single version.
  • Exploitation requires the attacker to redirect the victim's window to a trusted/high-privilege zone (e.g., microsoft.com) after method reassignment; detection logic should correlate the navigation event with prior cross-window method copying.

CVSS provenance

nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck | 7.5 | HIGH