Search criteria
6 vulnerabilities found for pocket_ie by microsoft
FKIE_CVE-2009-2064
Vulnerability from fkie_nvd - Published: 2009-06-15 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | internet_explorer | * | |
| microsoft | internet_explorer | 5 | |
| microsoft | internet_explorer | 5.01 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 7 | |
| microsoft | internet_explorer | 7.0.5730 | |
| microsoft | internet_explorer | 8 | |
| microsoft | internet_explorer | 8 | |
| microsoft | internet_explorer | 8.0b | |
| microsoft | pocket_ie | 1.0 | |
| microsoft | pocket_ie | 1.1 | |
| microsoft | pocket_ie | 2.0 | |
| microsoft | pocket_ie | 3.0 | |
| microsoft | pocket_ie | 4.0 | |
| microsoft | pocket_ie | 2002 | |
| microsoft | pocket_ie | 2003 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:beta2:*:*:*:*:*:*",
"matchCriteriaId": "BFF1D247-1AF2-44C6-81D2-9C868A62BC00",
"versionEndIncluding": "8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4071D03-D955-4C1B-ACD8-A864F7D0FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp2:*:*:*:*:*:*",
"matchCriteriaId": "59159262-BA89-46B9-B16F-0CC6A5502C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B85C32-02F5-43F5-8BBB-5A240F99BAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
"matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8:beta1:*:*:*:*:*:*",
"matchCriteriaId": "06E95EE4-23D8-40F7-9DFF-6C835AB62AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "21CCF994-2F4D-44FE-89F7-0F92734D5AF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC33FCB-8A30-497E-8369-D6A0A30EEB23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F51C049-0E1B-42DE-898D-E18B350EE7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5354582-A1D1-46CB-A05A-A086820C1013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075385C-29C6-4E2D-938A-CD1444892609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3168D511-6FFD-40D0-B46B-352C6A1CF34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "87D57619-255D-46DD-9C32-E4B7F5F3689A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "E6284FCA-2362-42A2-A9FE-E6E385191E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site\u0027s context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
},
{
"lang": "es",
"value": "Microsoft Internet Explorer 8, y posiblemente otras versiones, detecta contenido http en p\u00e1ginas web https solamente en marcos de alto nivel que usan https, lo que permite a los atacantes \"hombre en el medio\" ejecutar arbitrariamente una secuencia de comandos web, en un contexto de una p\u00e1gina https, modificando una p\u00e1gina http que incluya un iframe https que referencia a un archivo de secuencia de comandos en un sitio http, relativo a p\u00e1ginas \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL)\"."
}
],
"id": "CVE-2009-2064",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-15T19:30:05.593",
"references": [
{
"source": "cve@mitre.org",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
},
{
"source": "cve@mitre.org",
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35403"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51186"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-1275
Vulnerability from fkie_nvd - Published: 2003-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:pocket_ie:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075385C-29C6-4E2D-938A-CD1444892609",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function."
}
],
"id": "CVE-2003-1275",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0013.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/11004.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/6507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/11004.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/6507"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2009-2064 (GCVE-0-2009-2064)
Vulnerability from cvelistv5 – Published: 2009-06-15 19:00 – Updated: 2024-08-07 05:36
VLAI?
Summary
Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:36:20.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-https-security-bypass(51186)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51186"
},
{
"name": "35403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35403"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site\u0027s context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-https-security-bypass(51186)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51186"
},
{
"name": "35403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35403"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site\u0027s context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-https-security-bypass(51186)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51186"
},
{
"name": "35403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35403"
},
{
"name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf",
"refsource": "MISC",
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323",
"refsource": "MISC",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2064",
"datePublished": "2009-06-15T19:00:00",
"dateReserved": "2009-06-15T00:00:00",
"dateUpdated": "2024-08-07T05:36:20.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1275 (GCVE-0-2003-1275)
Vulnerability from cvelistv5 – Published: 2005-11-16 07:37 – Updated: 2024-09-16 17:43
VLAI?
Summary
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:46.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030103 JS Bug makes it possible to deliberately crash Pocket PC IE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0013.html"
},
{
"name": "6507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6507"
},
{
"name": "pie-javascript-objectinnerhtml-dos(11004)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11004.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-16T07:37:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030103 JS Bug makes it possible to deliberately crash Pocket PC IE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0013.html"
},
{
"name": "6507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6507"
},
{
"name": "pie-javascript-objectinnerhtml-dos(11004)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11004.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030103 JS Bug makes it possible to deliberately crash Pocket PC IE",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0013.html"
},
{
"name": "6507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6507"
},
{
"name": "pie-javascript-objectinnerhtml-dos(11004)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11004.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1275",
"datePublished": "2005-11-16T07:37:00Z",
"dateReserved": "2005-11-16T00:00:00Z",
"dateUpdated": "2024-09-16T17:43:06.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2064 (GCVE-0-2009-2064)
Vulnerability from nvd – Published: 2009-06-15 19:00 – Updated: 2024-08-07 05:36
VLAI?
Summary
Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:36:20.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ie-https-security-bypass(51186)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51186"
},
{
"name": "35403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35403"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site\u0027s context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ie-https-security-bypass(51186)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51186"
},
{
"name": "35403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35403"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site\u0027s context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-https-security-bypass(51186)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51186"
},
{
"name": "35403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35403"
},
{
"name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf",
"refsource": "MISC",
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323",
"refsource": "MISC",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2064",
"datePublished": "2009-06-15T19:00:00",
"dateReserved": "2009-06-15T00:00:00",
"dateUpdated": "2024-08-07T05:36:20.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1275 (GCVE-0-2003-1275)
Vulnerability from nvd – Published: 2005-11-16 07:37 – Updated: 2024-09-16 17:43
VLAI?
Summary
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:46.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030103 JS Bug makes it possible to deliberately crash Pocket PC IE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0013.html"
},
{
"name": "6507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6507"
},
{
"name": "pie-javascript-objectinnerhtml-dos(11004)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11004.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-16T07:37:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030103 JS Bug makes it possible to deliberately crash Pocket PC IE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0013.html"
},
{
"name": "6507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6507"
},
{
"name": "pie-javascript-objectinnerhtml-dos(11004)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11004.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030103 JS Bug makes it possible to deliberately crash Pocket PC IE",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0013.html"
},
{
"name": "6507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6507"
},
{
"name": "pie-javascript-objectinnerhtml-dos(11004)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11004.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1275",
"datePublished": "2005-11-16T07:37:00Z",
"dateReserved": "2005-11-16T00:00:00Z",
"dateUpdated": "2024-09-16T17:43:06.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}