VAR-200407-0006
Vulnerability from variot - Updated: 2023-12-18 11:40Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Microsoft Internet Explorer fails to properly restrict access to a document's frames, which may allow an attacker to modify the contents of frames in a different domain. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Microsoft Internet Explorer 6.0 SP1 Previously, there was a flaw in the cross-domain security check function for the content in the frame, so it opened in a new window Web There is a problem that allows the display of content from different domains within the frame of the page. (CAN-2004-0719) Remote attackers who exploit this issue are trusted Web Disguised to display content in the frame that uses the site's frame to instruct user account and card information input Web By navigating to the site, you may eventually be able to capture important information about the target user. still, Microsoft Windows Server 2003 The default setting for Internet Explorer Enhanced security configuration (Enhanced Security Configuration) Is valid and is not affected by this issue. Also this problem IE 3.x/4.x Previous issues with patches released for (MS98-020) It is reported by the discoverer that it is the same thing. In addition, the problem is Web It also exists in the browser. ・ Opera 7.51 Before (CAN-2004-0717) ・ Microsoft Internet Explorer for Mac 5.2.3 (CAN-2004-0719) ・ Mozilla 1.6 Before (CAN-2004-0718) ・ Mozilla Firebird 0.7 for Linux (CAN-2004-0718) ・ Mozilla Firefox 0.x (CAN-2004-0718) ・ Netscape 7.x (CAN-2004-0718) ・ Safari 1.x (CAN-2004-0720) ・ KDE Konqueror 3.2.3 Before (CAN-2004-0721) The above Web It has been suggested that this problem exists in addition to browser versions.Please refer to the “Overview” for the impact of this vulnerability. An attacker can exploit this issue to change the location of a frame from a different domain. Successful exploits will allow the attacker to access information from the parent document via DOM components that are not domain-reliant (such as the 'onmousedown' event). Internet Explorer 6, 7, and 8 Beta 1 are vulnerable; other versions may also be affected. Apple Safari is reported prone to a cross-domain frame loading vulnerability. It is reported that if the name of a frame rendered in a target site is known, then an attacker may potentially render arbitrary HTML in the frame of the target site. An attacker may exploit this vulnerability to spoof an interface of a trusted web site. To exploit this vulnerability a victim will need to visit a website hosted by an attacker. The attackers site will then spawn a trusted site in a window, if exploited successfully; the attackers site will place data into the IFRAME of the trusted site. This vulnerability may aid in Phishing style attacks. The version of Safari included in Apple Mac OS X versions 1.2.8, 10.3.4, and 10.3.5 is reported vulnerable to this issue. Mac OS X is an operating system used on Mac machines, based on the BSD system. Apple reports that malicious users using malicious WEB sites can inject HTML content into frames used by other domains. As a result, remote users can modify the content of some frames on legitimate web sites that use multiple frames. Cause to deceive target users and obtain other information.
For more information: SA11978
Secunia has constructed a test, which can be used to check if your browser is affected: http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
The vulnerability has been confirmed in Camino 0.8.4, but does not affect version 0.8.3.
This may be a variant of: SA11966
The vulnerability is confirmed in IE7.
SOLUTION: Do not visit or follow links from untrusted websites.
The vulnerability also affects Internet Explorer: SA11966
SOLUTION: Do not browse untrusted sites while browsing trusted sites.
The following browsers are not affected: * Mozilla Firefox 0.9 for Windows * Mozilla Firefox 0.9.1 for Windows * Mozilla 1.7 for Windows * Mozilla 1.7 for Linux
PROVIDED AND/OR DISCOVERED BY: Reported in Mozilla browser by: Gary McKay
OTHER REFERENCES: SA11966: http://secunia.com/advisories/11966/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200407-0006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "5.01"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6"
},
{
"model": "windows server 2003",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.0.5730.11"
},
{
"model": "internet explorer beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "81"
},
{
"model": "internet explorer beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "internet explorer beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "internet explorer beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "internet explorer sp2 do not use",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0-"
},
{
"model": "internet explorer sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "internet explorer sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": "internet explorer sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#516627"
},
{
"db": "BID",
"id": "29986"
},
{
"db": "BID",
"id": "10627"
},
{
"db": "BID",
"id": "11140"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000250"
},
{
"db": "NVD",
"id": "CVE-2004-0720"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-048"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0720"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200407-048"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0720",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2004-0720",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-9150",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0720",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#516627",
"trust": 0.8,
"value": "21.87"
},
{
"author": "CNNVD",
"id": "CNNVD-200407-048",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-9150",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#516627"
},
{
"db": "VULHUB",
"id": "VHN-9150"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000250"
},
{
"db": "NVD",
"id": "CVE-2004-0720"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-048"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Microsoft Internet Explorer fails to properly restrict access to a document\u0027s frames, which may allow an attacker to modify the contents of frames in a different domain. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Microsoft Internet Explorer 6.0 SP1 Previously, there was a flaw in the cross-domain security check function for the content in the frame, so it opened in a new window Web There is a problem that allows the display of content from different domains within the frame of the page. (CAN-2004-0719) Remote attackers who exploit this issue are trusted Web Disguised to display content in the frame that uses the site\u0027s frame to instruct user account and card information input Web By navigating to the site, you may eventually be able to capture important information about the target user. still, Microsoft Windows Server 2003 The default setting for Internet Explorer Enhanced security configuration (Enhanced Security Configuration) Is valid and is not affected by this issue. Also this problem IE 3.x/4.x Previous issues with patches released for (MS98-020) It is reported by the discoverer that it is the same thing. In addition, the problem is Web It also exists in the browser. \u30fb Opera 7.51 Before (CAN-2004-0717) \u30fb Microsoft Internet Explorer for Mac 5.2.3 (CAN-2004-0719) \u30fb Mozilla 1.6 Before (CAN-2004-0718) \u30fb Mozilla Firebird 0.7 for Linux (CAN-2004-0718) \u30fb Mozilla Firefox 0.x (CAN-2004-0718) \u30fb Netscape 7.x (CAN-2004-0718) \u30fb Safari 1.x (CAN-2004-0720) \u30fb KDE Konqueror 3.2.3 Before (CAN-2004-0721) The above Web It has been suggested that this problem exists in addition to browser versions.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. \nAn attacker can exploit this issue to change the location of a frame from a different domain. Successful exploits will allow the attacker to access information from the parent document via DOM components that are not domain-reliant (such as the \u0027onmousedown\u0027 event). \nInternet Explorer 6, 7, and 8 Beta 1 are vulnerable; other versions may also be affected. Apple Safari is reported prone to a cross-domain frame loading vulnerability. It is reported that if the name of a frame rendered in a target site is known, then an attacker may potentially render arbitrary HTML in the frame of the target site. \nAn attacker may exploit this vulnerability to spoof an interface of a trusted web site. To exploit this vulnerability a victim will need to visit a website hosted by an attacker. The attackers site will then spawn a trusted site in a window, if exploited successfully; the attackers site will place data into the IFRAME of the trusted site. This vulnerability may aid in Phishing style attacks. \nThe version of Safari included in Apple Mac OS X versions 1.2.8, 10.3.4, and 10.3.5 is reported vulnerable to this issue. Mac OS X is an operating system used on Mac machines, based on the BSD system. Apple reports that malicious users using malicious WEB sites can inject HTML content into frames used by other domains. As a result, remote users can modify the content of some frames on legitimate web sites that use multiple frames. Cause to deceive target users and obtain other information. \n\nFor more information:\nSA11978\n\nSecunia has constructed a test, which can be used to check if your\nbrowser is affected:\nhttp://secunia.com/multiple_browsers_frame_injection_vulnerability_test/\n\nThe vulnerability has been confirmed in Camino 0.8.4, but does not\naffect version 0.8.3. \n\nThis may be a variant of:\nSA11966\n\nThe vulnerability is confirmed in IE7. \n\nSOLUTION:\nDo not visit or follow links from untrusted websites. \n\nThe vulnerability also affects Internet Explorer:\nSA11966\n\nSOLUTION:\nDo not browse untrusted sites while browsing trusted sites. \n\nThe following browsers are not affected:\n* Mozilla Firefox 0.9 for Windows\n* Mozilla Firefox 0.9.1 for Windows\n* Mozilla 1.7 for Windows\n* Mozilla 1.7 for Linux\n\nPROVIDED AND/OR DISCOVERED BY:\nReported in Mozilla browser by:\nGary McKay\n\nOTHER REFERENCES:\nSA11966:\nhttp://secunia.com/advisories/11966/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org\n\n----------------------------------------------------------------------\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0720"
},
{
"db": "CERT/CC",
"id": "VU#516627"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000250"
},
{
"db": "BID",
"id": "29986"
},
{
"db": "BID",
"id": "10627"
},
{
"db": "BID",
"id": "11140"
},
{
"db": "VULHUB",
"id": "VHN-9150"
},
{
"db": "PACKETSTORM",
"id": "37894"
},
{
"db": "PACKETSTORM",
"id": "67713"
},
{
"db": "PACKETSTORM",
"id": "33689"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0720",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "11978",
"trust": 2.6
},
{
"db": "CERT/CC",
"id": "VU#516627",
"trust": 1.1
},
{
"db": "BID",
"id": "10627",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "30851",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "11966",
"trust": 0.8
},
{
"db": "BID",
"id": "10921",
"trust": 0.8
},
{
"db": "BID",
"id": "10877",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000250",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200407-048",
"trust": 0.7
},
{
"db": "XF",
"id": "1598",
"trust": 0.6
},
{
"db": "BID",
"id": "11140",
"trust": 0.4
},
{
"db": "BID",
"id": "29986",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-9150",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "15602",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "37894",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "67713",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "33689",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#516627"
},
{
"db": "VULHUB",
"id": "VHN-9150"
},
{
"db": "BID",
"id": "29986"
},
{
"db": "BID",
"id": "10627"
},
{
"db": "BID",
"id": "11140"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000250"
},
{
"db": "PACKETSTORM",
"id": "37894"
},
{
"db": "PACKETSTORM",
"id": "67713"
},
{
"db": "PACKETSTORM",
"id": "33689"
},
{
"db": "NVD",
"id": "CVE-2004-0720"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-048"
}
]
},
"id": "VAR-200407-0006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9150"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:40:05.721000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS98-020",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms98-020.mspx"
},
{
"title": "mozilla",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/data/mozilla.html"
},
{
"title": "kdelibs",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/data/kdelibs.html"
},
{
"title": "kdebase",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/data/kdebase.html"
},
{
"title": "RHSA-2004:421",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2004-421.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/"
},
{
"title": "MS98-020",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms98-020.mspx"
},
{
"title": "RHSA-2004:421",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-421j.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000250"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0720"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/11978"
},
{
"trust": 1.2,
"url": "http://www.gnucitizen.org/blog/ghost-busters/"
},
{
"trust": 1.2,
"url": "http://sirdarckcat.blogspot.com/2008/05/ghosts-for-ie8-and-ie75730.html"
},
{
"trust": 1.2,
"url": "http://sirdarckcat.blogspot.com/2008/05/browsers-ghost-busters.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/11966/"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/11978/"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/30851/"
},
{
"trust": 0.8,
"url": "http://www.w3.org/tr/rec-html40/present/frames.html"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/en-us/library/ms537026(vs.85).aspx"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0720"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0720"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/10921"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/10877"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/10627"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/1598"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/516627"
},
{
"trust": 0.3,
"url": "/archive/1/367471"
},
{
"trust": 0.3,
"url": "/archive/1/367885"
},
{
"trust": 0.3,
"url": "http://www.lists.apple.com/mhonarc/security-announce"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.3,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/15602/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3804/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12366/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3101/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/97/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2478/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/82/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/761/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/85/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1543/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/81/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3256/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1480/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/98/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3100/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1481/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/84/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3166/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2678/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/772/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#516627"
},
{
"db": "VULHUB",
"id": "VHN-9150"
},
{
"db": "BID",
"id": "29986"
},
{
"db": "BID",
"id": "10627"
},
{
"db": "BID",
"id": "11140"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000250"
},
{
"db": "PACKETSTORM",
"id": "37894"
},
{
"db": "PACKETSTORM",
"id": "67713"
},
{
"db": "PACKETSTORM",
"id": "33689"
},
{
"db": "NVD",
"id": "CVE-2004-0720"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-048"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#516627"
},
{
"db": "VULHUB",
"id": "VHN-9150"
},
{
"db": "BID",
"id": "29986"
},
{
"db": "BID",
"id": "10627"
},
{
"db": "BID",
"id": "11140"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000250"
},
{
"db": "PACKETSTORM",
"id": "37894"
},
{
"db": "PACKETSTORM",
"id": "67713"
},
{
"db": "PACKETSTORM",
"id": "33689"
},
{
"db": "NVD",
"id": "CVE-2004-0720"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-048"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-06-27T00:00:00",
"db": "CERT/CC",
"id": "VU#516627"
},
{
"date": "2004-07-27T00:00:00",
"db": "VULHUB",
"id": "VHN-9150"
},
{
"date": "2008-06-27T00:00:00",
"db": "BID",
"id": "29986"
},
{
"date": "2004-06-29T00:00:00",
"db": "BID",
"id": "10627"
},
{
"date": "2004-09-07T00:00:00",
"db": "BID",
"id": "11140"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000250"
},
{
"date": "2005-06-16T05:00:30",
"db": "PACKETSTORM",
"id": "37894"
},
{
"date": "2008-06-27T15:59:22",
"db": "PACKETSTORM",
"id": "67713"
},
{
"date": "2004-07-01T11:28:00",
"db": "PACKETSTORM",
"id": "33689"
},
{
"date": "2004-07-27T04:00:00",
"db": "NVD",
"id": "CVE-2004-0720"
},
{
"date": "2004-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200407-048"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-07-15T00:00:00",
"db": "CERT/CC",
"id": "VU#516627"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9150"
},
{
"date": "2008-06-27T23:10:00",
"db": "BID",
"id": "29986"
},
{
"date": "2004-06-29T00:00:00",
"db": "BID",
"id": "10627"
},
{
"date": "2009-07-12T07:06:00",
"db": "BID",
"id": "11140"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000250"
},
{
"date": "2017-07-11T01:30:24.713000",
"db": "NVD",
"id": "CVE-2004-0720"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200407-048"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "29986"
},
{
"db": "BID",
"id": "10627"
},
{
"db": "BID",
"id": "11140"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer fails to properly restrict access to frames",
"sources": [
{
"db": "CERT/CC",
"id": "VU#516627"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "10627"
},
{
"db": "BID",
"id": "11140"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…