CVE-2003-0815

Severity

75%

Complexity

99%

Confidentiality

106%

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Microsoft

First reported 21 years ago

2004-02-03 05:00:00

Last updated 6 years ago

2018-10-12 21:33:00

Affected Software

Microsoft Internet Explorer 5.0.1

5.0.1

Microsoft Internet Explorer 5.0.1 SP1

5.0.1

Microsoft Internet Explorer 5.0.1 SP2

5.0.1

Microsoft Internet Explorer 5.0.1 SP3

5.0.1

Microsoft ie 5.5

5.5

Microsoft Internet Explorer 5.5 SP1

5.5

Microsoft Internet Explorer 5.5 SP2

5.5

Microsoft Internet Explorer 6.0

6.0

References

20030910 MSIE->LinkillerJPU:another caller-based authorization(is broken).

20030910 MSIE->Findeath: break caller-based authorization

10192

1007687

O-021

20030910 MSIE->LinkillerSaveRef:another caller-based authorization

7888

7889

http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM

http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM

http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM

20030911 LiuDieYu's missing files are here.

9014

Patch, Vendor Advisory

MS03-048

ie-pointer-zone-bypass(13676)

oval:org.mitre.oval:def:351

oval:org.mitre.oval:def:352

oval:org.mitre.oval:def:353

oval:org.mitre.oval:def:356

oval:org.mitre.oval:def:357

oval:org.mitre.oval:def:359

oval:org.mitre.oval:def:472

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.