Vulnerability Details : CVE-2002-0027
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
Exploit prediction scoring system (EPSS) score for CVE-2002-0027
Probability of exploitation activity in the next 30 days: 1.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-0027
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2002-0027
-
http://www.securityfocus.com/bid/3721
Exploit;Patch;Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
-
http://www.securityfocus.com/archive/1/246522
Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A974
Products affected by CVE-2002-0027
- cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*