Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3472

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-3472
Last Modified 26 Jan 2012 10:29:41
Published 14 Oct 2008 08:12:15
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3472

Summary

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability."

Vulnerable Systems

Application

  • Microsoft Internet Explorer 5.01

  • Microsoft Internet Explorer 6

  • Microsoft Internet Explorer 7


References

CERT - TA08-288A

BID - 31654

BID - 31615

MS - MS08-058

XF - win-ms08kb956390-update(45565)

XF - ie-element-security-bypass(45558)

VUPEN - ADV-2008-2809

SECTRACK - 1021047

HP - SSRT080143

HP - HPSBST02379

Related Patches

MS08-058 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB956390)

MS08-058 Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB956390)


Last Updated: 27 May 2016 10:49:57