CVE-2000-0028

CVSS 2.0 Score 2.6 of 10 (low)

Details

Published Dec 23, 1999
Updated: Nov 20, 2024

Summary

CVE-2000-0028 is a vulnerability affecting Internet Explorer 5.0 and 5.01. Hackers can exploit this issue to bypass the cross-frame security policy and access files on the victim's system. This vulnerability stems from the external.NavigateAndFind function, which does not adhere to the same-origin policy, allowing malicious content from one frame to access resources in another. Attackers can leverage this to read sensitive files and potentially gain unauthorized access to user data. This issue poses a significant security risk and requires users to apply relevant patches or updates as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Internet Explorer

Affected Vendors

  • Microsoft