Vulnerability Name:

CVE-2006-6985 (CCN-27452)

Assigned:2006-06-27
Published:2006-06-27
Updated:2011-03-08
Summary:Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: Full-Disclosure Mailing List, Tue Jun 27 2006 - 04:19:35 CDT
IE_ONE_MINOR_ONE_MAJOR

Source: MITRE
Type: CNA
CVE-2006-3280

Source: MITRE
Type: CNA
CVE-2006-6983

Source: MITRE
Type: CNA
CVE-2006-6984

Source: MITRE
Type: CNA
CVE-2006-6985

Source: MITRE
Type: CNA
CVE-2006-6986

Source: MITRE
Type: CNA
CVE-2006-6987

Source: MITRE
Type: CNA
CVE-2006-6988

Source: MITRE
Type: CNA
CVE-2006-6989

Source: MITRE
Type: CNA
CVE-2006-6990

Source: MITRE
Type: CNA
CVE-2006-6991

Source: MITRE
Type: CNA
CVE-2006-6992

Source: CCN
Type: UNSECURED SYSTEMS Tuesday, June 27, 2006
Multiple Browsers Information Disclosure vuln.

Source: MISC
Type: UNKNOWN
http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html

Source: CCN
Type: SA20825
Internet Explorer Information Disclosure and HTA Application Execution

Source: CCN
Type: SA21396
Internet Explorer Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1016388
Microsoft Windows Explorer Lets Remote Users Access Information in Other Domains and Execute HTA Applications

Source: CCN
Type: ASA-2006-154
Windows Security Updates for August 2006 - (MS06-040 - MS06-051)

Source: CCN
Type: US-CERT VU#883108
Microsoft Internet Explorer HTML Document object cross-domain vulnerability

Source: CCN
Type: Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer (918899)

Source: CCN
Type: Microsoft Security Bulletin MS06-067
Cumulative Security Update for Internet Explorer (922760)

Source: CCN
Type: Microsoft Security Bulletin MS06-072
Cumulative Security Update for Internet Explorer (925454)

Source: CCN
Type: Microsoft Security Bulletin MS07-016
Cumulative Security Update for Internet Explorer (928090)

Source: CCN
Type: Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)

Source: CCN
Type: Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)

Source: CCN
Type: Microsoft Security Bulletin MS07-045
Cumulative Security Update for Internet Explorer (937143)

Source: CCN
Type: Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)

Source: CCN
Type: Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)

Source: CCN
Type: Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)

Source: CCN
Type: Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)

Source: CCN
Type: Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)

Source: CCN
Type: Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)

Source: CCN
Type: Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)

Source: CCN
Type: BID-18682
Microsoft Internet Explorer OuterHTML Redirection Handling Information Disclosure Vulnerability

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-220A
Microsoft Windows, Office, and Internet Explorer Vulnerabilities

Source: XF
Type: UNKNOWN
ie-redirection-information-disclosure(27452)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:maxthon:maxthon:1.5.6_build_42:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • OR cpe:/a:more_quick_tools:greenbrowser:3.4.0622:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    maxthon maxthon 1.5.6_build_42
    microsoft ie 6.0
    microsoft ie 6.0 sp1
    microsoft ie 5.01 sp4
    more_quick_tools greenbrowser 3.4.0622