CVE-2008-2948
Microsoft Internet Explorer 7/8 Beta 1 - Frame Location Cross Domain Security Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.
Una vulnerabilidad de tipo cross-domain en Microsoft Internet Explorer versiones 7 y 8, permite a los atacantes remotos cambiar la propiedad de ubicación de una trama por medio del tipo de dato Object y usar una trama de un dominio diferente para observar eventos independientes del dominio, como se demuestra mediante la observación de eventos onkeydown con caballero-listener. NOTA: según Microsoft, este es un duplicado del CVE-2008-2947, posiblemente un vector de ataque diferente.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-06-27 First Exploit
- 2008-06-30 CVE Reserved
- 2008-06-30 CVE Published
- 2024-03-21 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://blogs.zdnet.com/security/?p=1348 | X_refsource_misc | |
| http://sirdarckcat.blogspot.com/2008/05/ghosts-for-ie8-and-ie75730.html | X_refsource_misc | |
| http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD | X_refsource_misc | |
| http://www.gnucitizen.org/blog/ghost-busters | X_refsource_misc | |
| http://www.kb.cert.org/vuls/id/516627 | Third Party Advisory |
|
| http://www.vupen.com/english/advisories/2008/1941/references | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/31996 | 2008-06-27 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/30851 | 2021-07-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 7 Search vendor "Microsoft" for product "Internet Explorer" and version "7" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 8 Search vendor "Microsoft" for product "Internet Explorer" and version "8" | - |
Affected
| ||||||