VDB

CERTCC-2003-652452

CERTCC-2003-652452 PUBLISHED

Microsoft Internet Explorer (IE) does not adequately validate javascript: protocol URLs. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary code with the privileges of the user running IE.

Timeline

  • Sep 10, 2003 CVE Published
  • May 13, 2004 CVE Updated
  • Mar 17, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›