Vulnerabilities > CVE-2009-3003 - Unspecified vulnerability in Microsoft Internet Explorer 6/7/8
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Oval
| accepted | 2011-08-15T04:00:09.212-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:12817 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2011-06-28T13:00:00 | ||||||||||||
| title | Microsoft Internet Explorer 6 through 8 spoofing vulnerability | ||||||||||||
| version | 7 |
References
- http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html
- http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html
- http://secunia.com/advisories/36334
- http://secunia.com/advisories/36334
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53005
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53005
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12817
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12817