| Vulnerability Name: | CVE-2007-3576 | ||||||||
| Assigned: | 2007-07-05 | ||||||||
| Published: | 2007-07-05 | ||||||||
| Updated: | 2021-07-23 | ||||||||
| Summary: | ** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. Note: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar." | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-3576 Source: MISC Type: Exploit http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0 Source: MISC Type: Exploit http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/ Source: OSVDB Type: UNKNOWN 45813 Source: MISC Type: Exploit http://sla.ckers.org/forum/read.php?2,13209,13218 Source: MISC Type: Exploit http://www.0x000000.com/?i=375 | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||