CVE-2005-4089Sensitive Information Exposure in Microsoft IE

CWE-2643 documents3 sources
Severity
7.1HIGHNVD
EPSS
34.5%
top 3.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedDec 8
Latest updateMay 1

Description

Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:N/A:NExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-27m5-g4hr-5cg5: Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import2022-05-01
CVEList
CVE-2005-4089: Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import2005-12-08
CVE-2005-4089 — Sensitive Information Exposure | cvebase