CVE - CVE-2006-3280

CVE-ID
CVE-2006-3280	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:18682 URL:http://www.securityfocus.com/bid/18682 BUGTRAQ:20060630 Browser bugs hit IE, Firefox today (SANS) URL:http://www.securityfocus.com/archive/1/438785/100/0/threaded BUGTRAQ:20060630 ISC: Firefox immune to outerHTML flaw in MSIE [Was: Browser bugs hit IE, Firefox] URL:http://www.securityfocus.com/archive/1/438811/100/0/threaded BUGTRAQ:20060630 RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS) URL:http://www.securityfocus.com/archive/1/438863/100/0/threaded BUGTRAQ:20060630 Re: Browser bugs hit IE, Firefox today (SANS) URL:http://www.securityfocus.com/archive/1/438864/100/0/threaded BUGTRAQ:20060630 Re: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS) URL:http://www.securityfocus.com/archive/1/438788/100/0/threaded BUGTRAQ:20060704 Re: Browser bugs hit IE, Firefox today (SANS) URL:http://www.securityfocus.com/archive/1/439146/100/0/threaded CERT:TA06-220A URL:http://www.us-cert.gov/cas/techalerts/TA06-220A.html CERT-VN:VU#883108 URL:http://www.kb.cert.org/vuls/id/883108 FULLDISC:20060627 IE_ONE_MINOR_ONE_MAJOR URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html MISC:http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj MISC:http://secunia.com/internet_explorer_information_disclosure_vulnerability_test MS:MS06-042 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 OVAL:oval:org.mitre.oval:def:738 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A738 SECTRACK:1016388 URL:http://securitytracker.com/id?1016388 SECUNIA:20825 URL:http://secunia.com/advisories/20825 SECUNIA:21396 URL:http://secunia.com/advisories/21396 VUPEN:ADV-2006-2553 URL:http://www.vupen.com/english/advisories/2006/2553 VUPEN:ADV-2006-3212 URL:http://www.vupen.com/english/advisories/2006/3212 XF:ie-redirection-information-disclosure(27452) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/27452
Assigning CNA
MITRE Corporation
Date Record Created
20060628	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060628)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)