{"vuid":"VU#355971","idnumber":"355971","name":"Microsoft Internet Explorer executes scripts when scripting has been disabled after bypassing initial security checks","keywords":["Microsoft Internet Explorer","script","initial security checks","scripting disabled","MS02-05"],"overview":"A vulnerability exists in Microsoft Internet Explorer that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting.","clean_desc":"Internet Explorer permits users to customize settings that enable and disable the ability of scripts to run on a web site. A vulnerability exists in Microsoft Internet Explorer, versions 5.5 up to and including SP2 and version 6, that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting.","impact":"A remote attacker can execute arbitrary script even though the user has disabled active scripting. Note that the script will still obey all zone restrictions for the domain.","resolution":"Apply the patch specified in Microsoft's Security Bulletin (MS02-005).","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported in a Microsoft Security Bulletin.","author":"This document was written by Jason A Rafail.","public":["http://www.securityfocus.com/bid/4082","http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-005.asp"],"cveids":["CVE-2002-0026"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-02-12T22:06:31Z","publicdate":"2002-02-11T00:00:00Z","datefirstpublished":"2002-10-01T15:02:12Z","dateupdated":"2002-10-01T15:02:23Z","revision":11,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"15","cam_easeofexploitation":"11","cam_attackeraccessrequired":"18","cam_scorecurrent":"20.8828125","cam_scorecurrentwidelyknown":"20.8828125","cam_scorecurrentwidelyknownexploited":"37.5890625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":20.8828125,"vulnote":null}