CVE-2003-1026

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
55.8%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: January 20, 2004 (8150 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."

CWE

CWE-264

Affected Products

microsoft iemicrosoft internet explorer

References

🔗 marc.info 🔗 marc.info 🔗 www.kb.cert.org 🔗 www.safecenter.net 🔗 www.us-cert.gov