CVE - CVE-2006-3280 (under review)

About CVE

Terminology
Documents
FAQs
CVE List

About CVE Identifiers
Search CVE
Search NVD
Updates & RSS Feeds
Request a CVE-ID
CVE In Use

CVE-Compatible Products
NVD for CVE Fix Information
CVE Numbering Authorities
News & Events

Calendar
Free Newsletter
Community

CVE Editorial Board
Sponsor
Contact Us

Search the Site

CVE List

About CVE Identifiers
Editorial Policies
Data Sources
Reference Key/Maps
Search Tips
Updates & RSS Feeds
Obtain a CVE Identifier

Items of Interest

Terminology
NVD

CVE-ID
CVE-2006-3280 (under review)	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20060630 Browser bugs hit IE, Firefox today (SANS) URL:http://www.securityfocus.com/archive/1/archive/1/438785/100/0/threaded BUGTRAQ:20060630 ISC: Firefox immune to outerHTML flaw in MSIE [Was: Browser bugs hit IE, Firefox] URL:http://www.securityfocus.com/archive/1/archive/1/438811/100/0/threaded BUGTRAQ:20060630 RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS) URL:http://www.securityfocus.com/archive/1/archive/1/438863/100/0/threaded BUGTRAQ:20060630 Re: Browser bugs hit IE, Firefox today (SANS) URL:http://www.securityfocus.com/archive/1/archive/1/438864/100/0/threaded BUGTRAQ:20060630 Re: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS) URL:http://www.securityfocus.com/archive/1/archive/1/438788/100/0/threaded BUGTRAQ:20060704 Re: Browser bugs hit IE, Firefox today (SANS) URL:http://www.securityfocus.com/archive/1/archive/1/439146/100/0/threaded FULLDISC:20060627 IE_ONE_MINOR_ONE_MAJOR URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html MISC:http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj MISC:http://secunia.com/internet_explorer_information_disclosure_vulnerability_test MS:MS06-042 URL:http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx CERT:TA06-220A URL:http://www.us-cert.gov/cas/techalerts/TA06-220A.html CERT-VN:VU#883108 URL:http://www.kb.cert.org/vuls/id/883108 BID:18682 URL:http://www.securityfocus.com/bid/18682 VUPEN:ADV-2006-2553 URL:http://www.vupen.com/english/advisories/2006/2553 VUPEN:ADV-2006-3212 URL:http://www.vupen.com/english/advisories/2006/3212 OVAL:oval:org.mitre.oval:def:738 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:738 SECTRACK:1016388 URL:http://securitytracker.com/id?1016388 SECUNIA:20825 URL:http://secunia.com/advisories/20825 SECUNIA:21396 URL:http://secunia.com/advisories/21396 XF:ie-redirection-information-disclosure(27452) URL:http://xforce.iss.net/xforce/xfdb/27452
Status
Candidate	This CVE Identifier has "Candidate" status and must be reviewed and accepted by the CVE Editorial Board before it can be updated to official "Entry" status on the CVE List. It may be modified or even rejected in the future.
Phase
Assigned (20060628)
Votes

Comments

Candidate assigned on 20060628 and proposed on N/A
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org