CVE-2004-1155

Опубликовано: 31 дек. 2004

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*

cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*

cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*

cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*

cpe:2.3:a:microsoft:ie:5.2.3:*:macintosh:*:*:*:*:*

cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:ie:7.0:windows_xp_sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.19575

Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-7ph8-m5fp-w25v

github

больше 3 лет назад