CVE-2002-1217
CVSS7.5
发布时间 :2002-10-28 00:00:00
修订时间 :2016-10-17 22:24:50
NMCOE    

[原文]Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.


[CNNVD]Microsoft Internet Explorer未授权文档对象模型(DOM)访问漏洞(CNNVD-200210-282)

        
        Microsoft Internet Explorer是微软公司开发和维护的流行的WEB浏览器。
        MSIE没有充分检查所有帧属性的访问控制权限,远程攻击者可以利用这个漏洞未授权访问其他不同域中帧/子帧的文档对象模型(Document Object Model)。
        和