CVE-2009-3003 - Unspecified vulnerability in Microsoft Internet Explorer 6/7/8

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE

Summary

Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.

Vulnerable Configurations

Part         Description  Count
Application  Microsoft    3

Oval

accepted: 2011-08-15T04:00:09.212-04:00
class: vulnerability
contributors:
  name: Dragos Prisaca
  organization: Symantec Corporation
definition_extensions:
  • comment: Microsoft Internet Explorer 6 is installed
    oval: oval:org.mitre.oval:def:563
  • comment: Microsoft Internet Explorer 7 is installed
    oval: oval:org.mitre.oval:def:627
  • comment: Microsoft Internet Explorer 8 is installed
    oval: oval:org.mitre.oval:def:6210
description: Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
family: windows
id: oval:org.mitre.oval:def:12817
status: accepted
submitted: 2011-06-28T13:00:00
title: Microsoft Internet Explorer 6 through 8 spoofing vulnerability
version: 7