Vulnerabilities > CVE-2006-3280 - Unspecified vulnerability in Microsoft Internet Explorer 6.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Microsoft Internet Explorer 5.0.1 OuterHTML Redirection Handling Information Disclosure Vulnerability. CVE-2006-3280. Remote exploit for windows platform |
id | EDB-ID:28118 |
last seen | 2016-02-03 |
modified | 2006-06-27 |
published | 2006-06-27 |
reporter | Plebo Aesdi Nael |
source | https://www.exploit-db.com/download/28118/ |
title | Microsoft Internet Explorer 5.0.1 OuterHTML Redirection Handling Information Disclosure Vulnerability |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS06-042.NASL |
description | The remote host is missing IE Cumulative Security Update 918899. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. Note that Microsoft has re-released this hotfix since the initial version contained a buffer overflow. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22184 |
published | 2006-08-08 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22184 |
title | MS06-042: Cumulative Security Update for Internet Explorer (918899) |
code |
|
Oval
accepted | 2015-08-03T04:02:05.904-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||
description | Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability." | ||||||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:738 | ||||||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||
submitted | 2006-08-11T12:53:40 | ||||||||||||||||||||||||||||||||||||||||||||||||
title | Redirect Cross-Domain Information Disclosure Vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||
version | 78 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html
- http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj
- http://www.securityfocus.com/bid/18682
- http://secunia.com/advisories/20825
- http://www.kb.cert.org/vuls/id/883108
- http://securitytracker.com/id?1016388
- http://secunia.com/internet_explorer_information_disclosure_vulnerability_test
- http://www.us-cert.gov/cas/techalerts/TA06-220A.html
- http://secunia.com/advisories/21396
- http://www.vupen.com/english/advisories/2006/2553
- http://www.vupen.com/english/advisories/2006/3212
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27452
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A738
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042
- http://www.securityfocus.com/archive/1/439146/100/0/threaded
- http://www.securityfocus.com/archive/1/438864/100/0/threaded
- http://www.securityfocus.com/archive/1/438863/100/0/threaded
- http://www.securityfocus.com/archive/1/438811/100/0/threaded
- http://www.securityfocus.com/archive/1/438788/100/0/threaded
- http://www.securityfocus.com/archive/1/438785/100/0/threaded