Vulnerabilities > CVE-2009-3003 - Unspecified vulnerability in Microsoft Internet Explorer 6/7/8
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
microsoft
Summary
Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Oval
accepted | 2011-08-15T04:00:09.212-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. | ||||||||||||
family | windows | ||||||||||||
id | oval:org.mitre.oval:def:12817 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2011-06-28T13:00:00 | ||||||||||||
title | Microsoft Internet Explorer 6 through 8 spoofing vulnerability | ||||||||||||
version | 7 |