VDB

GCVE-110-CERTCC-2004-713878

GCVE-110-CERTCC-2004-713878
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published June 3, 2004
Microsoft Internet Explorer (IE) does not adequately validate the security context of a frame that has been redirected by a web server. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary code with the privileges of the user running IE.

Risk Scores

CVSS 2.0
7.5/10
High · AV:N/AC:L/Au:N/C:P/I:P/A:P
certcc-cam
certcc-cam
impact15population20exploitation20widely_known18score_current64.8ease_of_exploitation15
certcc-vrda
certcc-vrda
d1_impact4d1_population4d1_direct_report0
certcc-cvss-temporal-env
certcc-cvss-temporal-env
temporal_score6.5remediation_levelOFreport_confidenceCenvironmental_score6.5target_distributionHenvironmental_vectorCDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

Browse GCVE Records

73,118 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›