CVE-2002-1442

Опубликовано: 11 апр. 2003

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.

Ссылки

http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html
http://online.securityfocus.com/archive/1/286527
Exploit
Patch
Vendor Advisory
http://sec.greymagic.com/adv/gm001-mc/
http://www.securityfocus.com/bid/5424
Exploit
Patch
Vendor Advisory
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html
http://online.securityfocus.com/archive/1/286527
Exploit
Patch
Vendor Advisory
http://sec.greymagic.com/adv/gm001-mc/
http://www.securityfocus.com/bid/5424
Exploit
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:google:toolbar:1.1.41:*:*:*:*:*:*:*

cpe:2.3:a:google:toolbar:1.1.42:*:*:*:*:*:*:*

cpe:2.3:a:google:toolbar:1.1.43:*:*:*:*:*:*:*

cpe:2.3:a:google:toolbar:1.1.44:*:*:*:*:*:*:*

cpe:2.3:a:google:toolbar:1.1.45:*:*:*:*:*:*:*

cpe:2.3:a:google:toolbar:1.1.47:*:*:*:*:*:*:*

cpe:2.3:a:google:toolbar:1.1.48:*:*:*:*:*:*:*

cpe:2.3:a:google:toolbar:1.1.49:*:*:*:*:*:*:*

cpe:2.3:a:google:toolbar:1.1.53:*:*:*:*:*:*:*

cpe:2.3:a:google:toolbar:1.1.54:*:*:*:*:*:*:*

cpe:2.3:a:google:toolbar:1.1.55:*:*:*:*:*:*:*

cpe:2.3:a:google:toolbar:1.1.56:*:*:*:*:*:*:*

cpe:2.3:a:google:toolbar:1.1.57:*:*:*:*:*:*:*

cpe:2.3:a:google:toolbar:1.1.58:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00677

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-hmfp-vr8f-x8xc

github

почти 4 года назад