| Vulnerability Name: | CVE-2006-3640 (CCN-28042) | ||||||||
| Assigned: | 2006-08-08 | ||||||||
| Published: | 2006-08-08 | ||||||||
| Updated: | 2021-07-23 | ||||||||
| Summary: | Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." | ||||||||
| CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-3640 Source: CCN Type: SA21396 Internet Explorer Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 21396 Source: CCN Type: SECTRACK ID: 1016663 Microsoft Internet Explorer Bugs Let Remote Users Obtain Information or Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1016663 Source: CCN Type: ASA-2006-154 Windows Security Updates for August 2006 - (MS06-040 - MS06-051) Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454) Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566) Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143) Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653) Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615) Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533) Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864) Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759) Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838) Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390) Source: OSVDB Type: UNKNOWN 27850 Source: CCN Type: OSVDB ID: 27850 Microsoft IE Cross Site Window Location Information Disclosure Source: BID Type: UNKNOWN 19339 Source: CCN Type: BID-19339 Microsoft Internet Explorer Window Location Cross-Domain Information Disclosure Vulnerability Source: CCN Type: US-CERT Technical Cyber Security Alert TA06-220A Microsoft Windows, Office, and Internet Explorer Vulnerabilities Source: VUPEN Type: UNKNOWN ADV-2006-3212 Source: MS Type: UNKNOWN MS06-042 Source: XF Type: UNKNOWN ie-location-obtain-information(28042) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:171 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||