Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 08/12/2005 Updated: 23/07/2021

CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6

VMScore: 632

Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

Microsoft Internet Explorer allows remote malicious users to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft ie 6.0
microsoft internet explorer 6.0

CWE-264 http://www.hacker.co.il/security/ie/css_import.html http://www.securityfocus.com/bid/15660 http://secunia.com/advisories/17564 http://securitytracker.com/id?1016291 http://www.vupen.com/english/advisories/2006/2319 http://www.vupen.com/english/advisories/2005/2804 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1977 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1914 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1838 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1800 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1556 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-4089

Vulnerability Summary

References

Vulmon Search

About

Products

Connect