Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3474

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-3474
Last Modified 26 Jan 2012 10:29:41
Published 14 Oct 2008 08:12:15
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3474

Summary

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability."

Vulnerable Systems

Application

  • Microsoft Internet Explorer 5.01

  • Microsoft Internet Explorer 6

  • Microsoft Internet Explorer 7


References

CERT - TA08-288A

MS - MS08-058

XF - ie-script-origin-information-disclosure(45854)

XF - win-ms08kb956390-update(45565)

VUPEN - ADV-2008-2809

SECTRACK - 1021047

HP - SSRT080143

HP - HPSBST02379

Related Patches

MS08-058 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB956390)

MS08-058 Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB956390)


Last Updated: 27 May 2016 10:49:56