Vulnerability Name:

CVE-2006-4560 (CCN-33415)

Assigned:2006-08-14
Published:2006-08-14
Updated:2018-10-17
Summary:Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Mon Aug 14 2006 - 11:07:31 CDT
(somewhat) breaking the same-origin policy by undermining dns-pinning

Source: MITRE
Type: CNA
CVE-2006-4560

Source: MISC
Type: Exploit
http://polyboy.net/xss/dnsslurp.html

Source: MISC
Type: UNKNOWN
http://shampoo.antville.org/stories/1451301/

Source: CCN
Type: Microsoft Internet Explorer Web site
Internet Explorer: Home Page

Source: OSVDB
Type: UNKNOWN
31329

Source: CCN
Type: OSVDB ID: 31329
Microsoft IE DNS Pinning Intranet Server Arbitrary Javascript Execution

Source: CCN
Type: OSVDB ID: 45525
Microsoft IE Failed Connection DNS Pin Dropping Rebinding Weakness

Source: BUGTRAQ
Type: UNKNOWN
20060814 (somewhat) breaking the same-origin policy by undermining dns-pinning

Source: XF
Type: UNKNOWN
ie-javascript-dnspinning-code-execution(33415)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:ie:6.0:sp2:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft ie 6 windows_server_2003_sp1
    microsoft ie 6.0 sp2