Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote malicious users to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft internet explorer 5.01 |
||
microsoft internet explorer 6 |
||
microsoft internet explorer 7 |