| Revision Date: | 2015-08-03 | Version: | 51 | | Title: | Redirect Cross-Domain Information Disclosure Vulnerability | | Description: | Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability." | | Family: | windows | Class: | vulnerability | | Status: | ACCEPTED | Reference(s): | CVE-2006-3280
| | Platform(s): | Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows XP
| Product(s): | Microsoft Internet Explorer
| | Definition Synopsis | | Server 2003-Gold Microsoft Windows Server 2003 (x86) Gold is installed
AND Microsoft Internet Explorer 6 is installed
AND the version of mshtml.dll is less than 6.0.3790.554
XP,SP1 (64-bit) and Server 2003, SP1
Windows XP (64-bit,SP1) or Server 2003 (SP1) is installed
Microsoft Windows XP SP1 (64-bit) is installed
OR Microsoft Windows Server 2003 SP1 (x86) is installed
AND Microsoft Internet Explorer 6 is installed
AND the version of mshtml.dll is less than 6.0.3790.2759
IE 6 on Windows XP,SP2
Microsoft Windows XP SP2 or later is installed
AND Microsoft Internet Explorer 6 is installed
AND Mshtml.dll version is less than 6.0.2900.2963
IE 6 on Windows 2000 or XP,SP1 (32-bit)
Win2K,SP4 or XP,SP1 (32-bit) is installed
Microsoft Windows 2000 SP4 or later is installed
OR Microsoft Windows XP SP1 (32-bit) is installed
AND Microsoft Internet Explorer 6 is installed
AND the version of mshtml.dll is less than 6.0.2800.1561
IE 5.01,SP4 on Win2k,SP4
Microsoft Windows 2000 SP4 or later is installed
AND Microsoft Internet Explorer 5.01 SP4 is installed
AND the version of mshtml.dll is less than 5.0.3842.3000
|
|