BlackKite: Home
Menu

PUBLISHED DATE: June 27, 2001CVE-2001-0332:
Internet Explorer 5.5 and...

CVSS:
5
EPSS:
1808.50%
Exploitability:
10
In KEV:
No
Description

Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability.

Products
Questions to Ask Vendors
  1. Can you confirm whether your systems are affected by CVE-2001-0332, and if so, what steps are you currently taking to mitigate this vulnerability?
  2. What is your estimated timeline for fully resolving CVE-2001-0332 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
References

Ready to get results you can trust?