Vulnerabilidad en Microsoft Internet Explorer 6.0 (CVE-2006-3280)
Gravedad CVSS v2.0:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
28/06/2006
Última modificación:
03/04/2025
Descripción
Vulnerabilidad de dominios cruzados en Microsoft Internet Explorer v6.0 permite a atacantes remotos acceder la información restringida desde otro dominio a través de una etiqueta object con un parámetro data que referencia un enlace en el sitio original del atacante que especifica una cabecera Location HTTP que referencia un sitio objetivo, lo que luego hace que el contenido esté disponible a través del atributo outerHTML del objeto, como "Redirect Cross-Domain Information Disclosure Vulnerability."
Impacto
Puntuación base 2.0
7.50
Gravedad 2.0
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html
- http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj
- http://secunia.com/advisories/20825
- http://secunia.com/advisories/21396
- http://secunia.com/internet_explorer_information_disclosure_vulnerability_test
- http://securitytracker.com/id?1016388=
- http://www.kb.cert.org/vuls/id/883108
- http://www.securityfocus.com/archive/1/438785/100/0/threaded
- http://www.securityfocus.com/archive/1/438788/100/0/threaded
- http://www.securityfocus.com/archive/1/438811/100/0/threaded
- http://www.securityfocus.com/archive/1/438863/100/0/threaded
- http://www.securityfocus.com/archive/1/438864/100/0/threaded
- http://www.securityfocus.com/archive/1/439146/100/0/threaded
- http://www.securityfocus.com/bid/18682
- http://www.us-cert.gov/cas/techalerts/TA06-220A.html
- http://www.vupen.com/english/advisories/2006/2553
- http://www.vupen.com/english/advisories/2006/3212
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27452
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A738
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html
- http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj
- http://secunia.com/advisories/20825
- http://secunia.com/advisories/21396
- http://secunia.com/internet_explorer_information_disclosure_vulnerability_test
- http://securitytracker.com/id?1016388=
- http://www.kb.cert.org/vuls/id/883108
- http://www.securityfocus.com/archive/1/438785/100/0/threaded
- http://www.securityfocus.com/archive/1/438788/100/0/threaded
- http://www.securityfocus.com/archive/1/438811/100/0/threaded
- http://www.securityfocus.com/archive/1/438863/100/0/threaded
- http://www.securityfocus.com/archive/1/438864/100/0/threaded
- http://www.securityfocus.com/archive/1/439146/100/0/threaded
- http://www.securityfocus.com/bid/18682
- http://www.us-cert.gov/cas/techalerts/TA06-220A.html
- http://www.vupen.com/english/advisories/2006/2553
- http://www.vupen.com/english/advisories/2006/3212
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27452
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A738