JVNDB-2005-000775

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2010-10-12 16:44
Severity ?
() - -
Summary
Vulnerability involving security zone handling in applications using Internet Explorer components
Details
Internet Explorer (IE) components apply different security levels for web content processing depending on the location (zone) of the web content. As a result, web content on the Internet is processed in the "Internet" zone with a higher security level than that set for web content in the "Intranet" zone. However, we have confirmed that some applications using IE components may process web content in an inappropriate zone.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000775.html",
  "dc:date": "2010-10-12T16:44+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2010-10-12T16:44+09:00",
  "description": "Internet Explorer (IE) components apply different security levels for web content processing depending on the location (zone) of the web content.\r\n\r\nAs a result, web content on the Internet is processed in the \"Internet\" zone with a higher security level than that set for web content in the \"Intranet\" zone.\r\n\r\nHowever, we have confirmed that some applications using IE components may process web content in an inappropriate zone.",
  "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000775.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:fujitsu:atlas",
      "@product": "ATLAS",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:atlas_translation",
      "@product": "ATLAS Translation",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:bizlingo",
      "@product": "BizLingo",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:es_at_school",
      "@product": "ES@SCHOOL",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:hiragana_navi",
      "@product": "Hiragana Navi",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:japanist",
      "@product": "Japanist",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:rakuraku_browser",
      "@product": "Rakuraku Browser",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:rakuraku_mail",
      "@product": "Rakuraku Mail",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:simplia_jf_clientmate",
      "@product": "SIMPLIA/JF ClientMate",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:simplia_tf-webtest",
      "@product": "SIMPLIA/TF-WebTest",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:translation_surfin",
      "@product": "Translation Surfin",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:dnasis_pro",
      "@product": "DNASIS Pro",
      "@vendor": "Hitachi Software Engineering Co.,Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:justsystems:netas_seed",
      "@product": "NETA\u0027s Seed",
      "@vendor": "JustSystems Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:paper_2001",
      "@product": "Paper 2001",
      "@vendor": "YMIRLINK Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:paper_copi",
      "@product": "Paper copi",
      "@vendor": "YMIRLINK Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.4",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2005-000775",
  "sec:references": {
    "#text": "http://jvn.jp/en/jp/JVN257C6F28/index.html",
    "@id": "JVN#257C6F28",
    "@source": "JVN"
  },
  "title": "Vulnerability involving security zone handling in applications using Internet Explorer components"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.