Vulnerability Name:

CCN-16443

Published:2004-06-15
Updated:2004-06-15
Summary:Microsoft Internet Explorer is vulnerable to cross-site scripting. A remote attacker could create a malicious Web page containing a wildcard DNS entry and malicious code, which would be executed in the victim's Web browser within the security context of the hosting site, once the page is visited. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.4 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Tue Jun 15 2004 - 10:17:07 CDT
MAGIC XSS INTO THE DNS: coelacanth

Source: CCN
Type: BID-10554
Microsoft Internet Explorer Wildcard DNS Cross-Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
ie-wildcard-dns-xss(16443)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:microsoft:ie:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft ie *