Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4089

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2005-4089
Last Modified 27 Sep 2011 12:00:00
Published 08 Dec 2005 06:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-4089

Summary

Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."

Vulnerable Systems

Application

  • Microsoft Ie 6.0


References

VUPEN - ADV-2006-2319

VUPEN - ADV-2005-2804

BID - 15660

MS - MS06-021

MISC - http://www.hacker.co.il/security/ie/css_import.html

SECTRACK - 1016291

SECUNIA - 17564


Last Updated: 27 May 2016 10:41:11