Search

published date: June 27, 2001

CVE-2001-0332 : Internet Explorer 5.5 and...

Description

Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability.

Product(s):

  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.01 Service Pack 1
  • Microsoft Internet Explorer 5.01 Service Pack 2
  • Microsoft Internet Explorer 5.01 Service Pack 3
  • Microsoft Internet Explorer 5.01 Service Pack 4
  • Microsoft Internet Explorer 5.5

Question to Ask Vendors:

  1. Can you confirm whether your systems are affected by CVE-2001-0332, and if so, what steps are you currently taking to mitigate this vulnerability?
  2. What is your estimated timeline for fully resolving CVE-2001-0332 in your products or services, and how will you communicate updates on this issue to us as your customer?

READY TO GET RESULTS YOU CAN TRUST?