Overview
A vulnerability exists in Microsoft Internet Explorer that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting.
Description
Internet Explorer permits users to customize settings that enable and disable the ability of scripts to run on a web site. A vulnerability exists in Microsoft Internet Explorer, versions 5.5 up to and including SP2 and version 6, that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting. |
Impact
A remote attacker can execute arbitrary script even though the user has disabled active scripting. Note that the script will still obey all zone restrictions for the domain. |
Solution
Apply the patch specified in Microsoft's Security Bulletin (MS02-005). |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported in a Microsoft Security Bulletin.
This document was written by Jason A Rafail.
Other Information
| CVE IDs: | CVE-2002-0026 |
| Severity Metric: | 20.88 |
| Date Public: | 2002-02-11 |
| Date First Published: | 2002-10-01 |
| Date Last Updated: | 2002-10-01 15:02 UTC |
| Document Revision: | 11 |