CVE-2006-3280

Severity

75%

Complexity

99%

Confidentiality

106%

Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 18 years ago

2006-06-28 22:05:00

Last updated 6 years ago

2018-10-18 16:46:00

Affected Software

Microsoft Internet Explorer 6.0

6.0

References

20060627 IE_ONE_MINOR_ONE_MAJOR

http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj

20825

Vendor Advisory

21396

http://secunia.com/internet_explorer_information_disclosure_vulnerability_test

1016388

VU#883108

US Government Resource

20060630 Browser bugs hit IE, Firefox today (SANS)

20060630 Re: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)

20060630 ISC: Firefox immune to outerHTML flaw in MSIE [Was: Browser bugs hit IE, Firefox]

20060630 RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)

20060630 Re: Browser bugs hit IE, Firefox today (SANS)

20060704 Re: Browser bugs hit IE, Firefox today (SANS)

18682

TA06-220A