CVE-2006-3280

EPSS 55.9%

Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/28118unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 http://secunia.com/advisories/20825 http://secunia.com/advisories/21396 http://secunia.com/internet_explorer_information_disclosure_vulnerability_test http://securitytracker.com/id?1016388 https://exchange.xforce.ibmcloud.com/vulnerabilities/27452 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A738 http://www.kb.cert.org/vuls/id/883108 http://www.securityfocus.com/archive/1/438785/100/0/threaded http://www.securityfocus.com/archive/1/438788/100/0/threaded