Vulnerability Details

ID: CVE-2002-0153

Last Modified: Oct. 12, 2018

Open in new window

Description

Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.

CVSS V2

Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: Partial

Integrity Impact: Partial

Availability Impact: Partial

Base Score: 7.5

Exploitability Score: 10.0

Impact Score: 6.4

CVSS V2: AV:N/AC:L/Au:N/C:P/I:P/A:P

Specialize CVSS-Score

CWE-ID

NVD-CWE-Other

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:microsoft:ie:5.1::mac_os::::: Part: a Product: ie Edition: mac_os Vendor: microsoft Version: 5.1	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:ie:3.0::mac_os::::: Part: a Product: ie Edition: mac_os Vendor: microsoft Version: 3.0	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:ie:4.0:a_mac_os:::::: Part: a Product: ie Update: a_mac_os Vendor: microsoft Version: 4.0	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:ie:4.5::macintosh::::: Part: a Product: ie Edition: macintosh Vendor: microsoft Version: 4.5	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:ie:3.1::mac_os::::: Part: a Product: ie Edition: mac_os Vendor: microsoft Version: 3.1	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:ie:5.0::macos::::: Part: a Product: ie Edition: macos Vendor: microsoft Version: 5.0	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:ie:4.0::mac_os::::: Part: a Product: ie Edition: mac_os Vendor: microsoft Version: 4.0	Alle Schwachstellen für microsoft
	cpe:2.3:a:microsoft:ie:4.0.1::mac_os::::: Part: a Product: ie Edition: mac_os Vendor: microsoft Version: 4.0.1	Alle Schwachstellen für microsoft

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:microsoft:ie:5.1:*:mac_os:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:ie:3.0:*:mac_os:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:ie:4.0:a_mac_os:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:ie:4.5:*:macintosh:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:ie:3.1:*:mac_os:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:ie:5.0:*:macos:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:ie:4.0:*:mac_os:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:microsoft:ie:4.0.1:*:mac_os:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>