Vulnerabilities > CVE-2006-5152 - Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
microsoft
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://www.securityfocus.com/archive/1/447516/100/0/threaded
- http://www.securityfocus.com/archive/1/447574/100/0/threaded
- http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0017.html
- http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0030.html
- http://www.osvdb.org/31328
- http://www.securityfocus.com/archive/1/447509/100/0/threaded