Описание
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.
Ссылки
- Press/Media Coverage
- Mailing List
- Permissions RequiredVendor Advisory
- Third Party AdvisoryUS Government Resource
- Exploit
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Broken Link
- Broken Link
- Press/Media Coverage
- Mailing List
- Permissions RequiredVendor Advisory
- Third Party AdvisoryUS Government Resource
- Exploit
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Одно из
EPSS
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.
EPSS
6.8 Medium
CVSS2