| Revision Date: | 2011-05-16 | Version: | 45 |
| Title: | CSS Cross-Domain Information Disclosure Vulnerability (WinS03) |
| Description: | Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability." |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2005-4089
|
| Platform(s): | Microsoft Windows Server 2003
| Product(s): | Microsoft Internet Explorer
|
| Definition Synopsis |
| Windows Server 2003 is installed AND NOT Win2K/XP/2003 is patched
AND the version of mshtml.dll is less than 6.0.3790.536
|