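Vulnerability Details
Microsoft Internet Explorer BackToFramedJPU Cross-Domain Policy Vulnerability
- CNNVD ID: CNNVD-200401-046
- Severity: Critical
- CVE ID: CVE-2003-1026
- Vulnerability type: Permissions, privileges and access control
- Published: 2004-01-20
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: microsoft
- Source: Discovery credited…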
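Vulnerability Summary
Internet Explorer 5.01 through 6 SP1 contains a vulnerability. A remote attacker can bypass zone restrictions by means of a javascript protocol URL in a sub-frame: the URL is added to the history list and, when the history.back (back) function is called, is executed in the zone of the top-level window. Also known as the "Travel Log Cross Domain Vulnerability".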
Vulnerability Advisory
Microsoft has released a cumulative security update (MS04-004) to address this issue in affected versions of Microsoft Internet Explorer. Users are strongly advised to obtain fixes as soon as possible.
Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 2 (KB832894). For Internet Explorer 5.01 running on Windows 2000 Service Pack 2.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE-4C99-A780-81D6DBC48DD5&displaylang=en
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB832894). For Internet Explorer 5.01 running on Windows 2000 SP 3.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56-4F4A-8C0F-4183C77B6B51&displaylang=en
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB832894). For Internet Explorer 5.01 running on Windows 2000 SP 4.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E-49FD-9AA2-36D2D8454A92&displaylang=en
Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 2 (KB832894). For Internet Explorer 5.01 running on Windows 2000 Service Pack 2.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE-4C99-A780-81D6DBC48DD5&displaylang=en
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB832894). For Internet Explorer 5.01 running on Windows 2000 SP 3.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56-4F4A-8C0F-4183C77B6B51&displaylang=en
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB832894). For Internet Explorer 5.01 running on Windows 2000 SP 4.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E-49FD-9AA2-36D2D8454A92&displaylang=en
Microsoft Internet Explorer 5.0.1
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 2 (KB832894). For Internet Explorer 5.01 running on Windows 2000 Service Pack 2.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE-4C99-A780-81D6DBC48DD5&displaylang=en
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB832894). For Internet Explorer 5.01 running on Windows 2000 SP 3.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56-4F4A-8C0F-4183C77B6B51&displaylang=en
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB832894). For Internet Explorer 5.01 running on Windows 2000 SP 4.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E-49FD-9AA2-36D2D8454A92&displaylang=en
Microsoft Internet Explorer 5.0.1 SP4
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 2 (KB832894). For Internet Explorer 5.01 running on Windows 2000 Service Pack 2.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE-4C99-A780-81D6DBC48DD5&displaylang=en
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB832894). For Internet Explorer 5.01 running on Windows 2000 SP 3.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56-4F4A-8C0F-4183C77B6B51&displaylang=en
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB832894). For Internet Explorer 5.01 running on Windows 2000 SP 4.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E-49FD-9AA2-36D2D8454A92&displaylang=en
Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 2 (KB832894). For Internet Explorer 5.01 running on Windows 2000 Service Pack 2.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE-4C99-A780-81D6DBC48DD5&displaylang=en
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB832894). For Internet Explorer 5.01 running on Windows 2000 SP 3.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56-4F4A-8C0F-4183C77B6B51&displaylang=en
- Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB832894). For Internet Explorer 5.01 running on Windows 2000 SP 4.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E-49FD-9AA2-36D2D8454A92&displaylang=en
Microsoft Internet Explorer 5.5 SP2
- Microsoft Cumulative Security Update for Internet Explorer 5.5 Service Pack 2 (KB832894)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=EFFE87F6-7ACA-4A54-B767-5597DDE95C6F&displaylang=en
Microsoft Internet Explorer 6.0 SP1
- Microsoft Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB832894)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=70530968-B59A-47C0-90D3-0C884910BC97&displaylang=en
- Microsoft Cumulative Security Update for Internet Explorer 6 SP1 64-bit Edition (KB832894). For Internet Explorer 6 SP 1 running on Windows XP 64-bit platforms.
References
Source: US-CERT Technical Alert: TA04-033A
Name: TA04-033A
Link: http://www.us-cert.gov/cas/techalerts/TA04-033A.html
Source: US-CERT Vulnerability Note: VU#784102
Name: VU#784102
Link: http://www.kb.cert.org/vuls/id/784102
Source: BUGTRAQ
Name: 20031125 BackToFramedJpu – a successor of BackToJpu attack
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=106979349517578&w=2
Source: XF
Name: ie-subframe-xss(13846)
Link: http://xforce.iss.net/xforce/xfdb/13846
Source: www.safecenter.net
Link: http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu
Source: MS
Name: MS04-004
Link: http://www.microsoft.com/technet/security/bulletin/ms04-004.asp
Source: BUGTRAQ
Name: 20031201 Comments on 5 IE vulnerabilities
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=107038202225587&w=2
Source: US Government Resource: oval:org.mitre.oval:def:805
Name: oval:org.mitre.oval:def:805
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:805
Source: US Government Resource: oval:org.mitre.oval:def:774
Name: oval:org.mitre.oval:def:774
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:774
Source: US Government Resource: oval:org.mitre.oval:def:745
Name: oval:org.mitre.oval:def:745
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:745
Source: US Government Resource: oval:org.mitre.oval:def:689
Name: oval:org.mitre.oval:def:689
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:689
Source: US Government Resource: oval:org.mitre.oval:def:687
Name: oval:org.mitre.oval:def:687
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:687
Source: US Government Resource: oval:org.mitre.oval:def:643
Name: oval:org.mitre.oval:def:643
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:643
Source: US Government Resource: oval:org.mitre.oval:def:630
Name: oval:org.mitre.oval:def:630
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:630