VDB
CVE-2001-1410
CVE-2001-1410
PUBLISHED
CVSS 5 MEDIUM
Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.
EPSS 61.59% · 98.4th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
61.59%
98.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| microsoft | internet_explorer | 5.5, 5.5, 5.5 |
Timeline
- Jul 17, 2003 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Aug 1, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
References
- 20030713 IE chromeless window vulnerabilities mailing-list
- ie-javascript-spoof-dialog(7313) vdb
- 3469 vdb
- 20030715 Internet Explorer Full-Screen mode threats mailing-list
- http://www.systemintegra.com/ie-fullscreen/ url
- VU#490708 third-party-advisory
- 20011021 Javascript in IE may spoof the whole screen mailing-list
- http://www.guninski.com/popspoof.html url
- http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie/ url
- https://nvd.nist.gov/vuln/detail/CVE-2001-1410 advisory
- http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie url
- http://www.systemintegra.com/ie-fullscreen url