Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4089


Vulnerability Score 7.1 7.1
CVE Id CVE-2005-4089
Last Modified 27 Sep 2011 12:00:00
Published 08 Dec 2005 06:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."

Vulnerable Systems


  • Microsoft Ie 6.0


VUPEN - ADV-2006-2319

VUPEN - ADV-2005-2804

BID - 15660

MS - MS06-021


SECTRACK - 1016291

SECUNIA - 17564

Last Updated: 27 May 2016 10:41:11