← back
CVE-2008-2949

CVE-2008-2949

EPSS 20.5%
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/31996unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://blogs.zdnet.com/security/?p=1348http://sirdarckcat.blogspot.com/2008/05/browsers-ghost-busters.htmlhttp://technet.microsoft.com/en-us/security/cc405107.aspx#EHDhttp://www.kb.cert.org/vuls/id/516627http://www.vupen.com/english/advisories/2008/1941/references