CVE-2006-3280

Microsoft Internet Explorer 5.0.1 - OuterHTML redirection Handling Information Disclosure

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."

Vulnerabilidad de dominios cruzados en Microsoft Internet Explorer v6.0 permite a atacantes remotos acceder la información restringida desde otro dominio a través de una etiqueta object con un parámetro data que referencia un enlace en el sitio original del atacante que especifica una cabecera Location HTTP que referencia un sitio objetivo, lo que luego hace que el contenido esté disponible a través del atributo outerHTML del objeto, como "Redirect Cross-Domain Information Disclosure Vulnerability."

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-06-27 First Exploit
2006-06-28 CVE Reserved
2006-06-28 CVE Published
2024-08-07 CVE Updated
2024-10-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (21)

URL	Tag	Source
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html	Mailing List
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj	X_refsource_misc
http://secunia.com/advisories/21396	Third Party Advisory
http://secunia.com/internet_explorer_information_disclosure_vulnerability_test	X_refsource_misc
http://securitytracker.com/id?1016388	Vdb Entry
http://www.kb.cert.org/vuls/id/883108	Third Party Advisory
http://www.securityfocus.com/archive/1/438785/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/438788/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/438811/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/438863/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/438864/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/439146/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/18682	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA06-220A.html	Third Party Advisory
http://www.vupen.com/english/advisories/2006/2553	Vdb Entry
http://www.vupen.com/english/advisories/2006/3212	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/27452	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A738	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/28118	2006-06-27

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/20825	2021-07-23
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042	2021-07-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				6.0 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0"		-		Affected