Vulnerability Name: CVE-2008-3473 (CCN-45562)
Assigned: 2008-10-14
Published: 2008-10-14
Updated: 2019-10-09
Summary: Microsoft Internet Explorer 6 and 7 do not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability."

CVSS v3 Severity:
  6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): None
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): Low
      Integrity (I): Low
      Availability (A): None

CVSS v2 Severity:
  9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
  6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Medium
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Complete
      Integrity (I): Complete
      Availability (A): Complete
  5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
  4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Medium
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): Partial
      Availability (A): None

Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security

References:
  Source: MITRE Type: CNA
    CVE-2008-3473
  Source: HP Type: Mailing List, Release Notes, Third Party Advisory
    SSRT080143
  Source: CCN Type: SECTRACK ID: 1021047
    Microsoft Internet Explorer Flaws Permit Cross-Domain Scripting Attacks and Let Remote Users Execute Arbitrary Code
  Source: CCN Type: ASA-2008-411
    MS08-058 Cumulative Security Update for Internet Explorer (956390)
  Source: CCN Type: NORTEL BULLETIN ID: 2008009123, Rev 1
    Nortel Response to Microsoft Security Bulletin MS08-058
  Source: CCN Type: Microsoft Security Bulletin MS08-058
    Cumulative Security Update for Internet Explorer (956390)
  Source: CCN Type: Microsoft Security Bulletin MS08-073
    Cumulative Security Update for Internet Explorer (958215)
  Source: CCN Type: Microsoft Security Bulletin MS09-002
    Cumulative Security Update for Internet Explorer (961260)
  Source: CCN Type: Microsoft Security Bulletin MS09-014
    Cumulative Security Update for Internet Explorer (963027)
  Source: BID Type: Patch, Third Party Advisory, VDB Entry
    31616
  Source: CCN Type: BID-31616
    Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability
  Source: SECTRACK Type: Third Party Advisory, VDB Entry
    1021047
  Source: CERT Type: Third Party Advisory, US Government Resource
    TA08-288A
  Source: VUPEN Type: Broken Link
    ADV-2008-2809
  Source: MS Type: Patch, Vendor Advisory
    MS08-058
  Source: XF Type: UNKNOWN
    ie-event-security-bypass(45562)
  Source: XF Type: VDB Entry
    ie-event-security-bypass(45562)
  Source: XF Type: VDB Entry
    win-ms08kb956390-update(45565)
  Source: OVAL Type: Third Party Advisory
    oval:org.mitre.oval:def:13255

Vulnerable Configuration:
  Configuration 1:
    cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
    AND cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  Configuration 2:
    cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
    AND cpe:/o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows_server_2003:-:sp1:*:*:*:*:itanium:*
    OR cpe:/o:microsoft:windows_server_2003:-:sp1:*:*:*:*:x64:*
    OR cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows_xp:-:gold:*:*:professional:*:x64:*
    OR cpe:/o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
    OR cpe:/o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
  Configuration 3:
    cpe:/a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
    AND cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  Configuration 4:
    cpe:/a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
    AND cpe:/o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows_server_2003:-:sp1:*:*:*:*:itanium:*
    OR cpe:/o:microsoft:windows_server_2003:-:sp1:*:*:*:*:x64:*
    OR cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
    OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*
    OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
    OR cpe:/o:microsoft:windows_vista:-:gold:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows_vista:-:gold:*:*:*:*:x64:*
    OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:x64:*
    OR cpe:/o:microsoft:windows_xp:-:gold:*:*:professional:*:x64:*
    OR cpe:/o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
    OR cpe:/o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
  Configuration CCN 1:
    cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
    OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
    AND cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
    OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
    OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
    OR cpe:/o:microsoft:windows_vista:-:*:x64:*:*:*:*:*
    OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
    OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
    OR cpe:/o:microsoft:windows_vista:-:sp1:x64:*:*:*:*:*
    OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
    OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*
    OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions:
  Definition ID: oval:org.mitre.oval:def:13255
  Class: V
  Title: Information disclosure vulnerability in Internet Explorer due to improper event-handling
  Last Modified: 2014-08-18
microsoft internet explorer 5.01 sp4
microsoft windows 2000 - sp4
microsoft internet explorer 6
microsoft windows server 2003 - sp1
microsoft windows server 2003 - sp1
microsoft windows server 2003 - sp1
microsoft windows server 2003 - sp2
microsoft windows xp - gold
microsoft windows xp - sp2
microsoft windows xp - sp2
microsoft windows xp - sp3
microsoft internet explorer 6 sp1
microsoft windows 2000 - sp4
microsoft internet explorer 7
microsoft windows server 2003 - sp1
microsoft windows server 2003 - sp1
microsoft windows server 2003 - sp1
microsoft windows server 2003 - sp2
microsoft windows server 2008 -
microsoft windows server 2008 -
microsoft windows server 2008 -
microsoft windows vista - gold
microsoft windows vista - gold
microsoft windows vista - sp1
microsoft windows vista - sp1
microsoft windows xp - gold
microsoft windows xp - sp2
microsoft windows xp - sp2
microsoft windows xp - sp3
microsoft ie 6.0
microsoft ie 6.0 sp1
microsoft ie 7.0
microsoft windows server 2008 -
microsoft windows 2000 - sp4
microsoft windows 2003_server
microsoft windows xp sp2
microsoft windows 2003_server sp1
microsoft windows 2003_server sp1_itanium
microsoft windows vista *
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows vista -
microsoft windows xp sp2
microsoft windows vista - sp1
microsoft windows vista - sp1
microsoft windows server 2008 -
microsoft windows server 2008 -
microsoft windows xp sp3