Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3280Microsoft Internet Explorer vulnerability

23 documents3 sources
Severity
7.8HIGHNVD
NVD7.5NVD5.0
EPSS
62.1%
top 1.64%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
11
Advanced Search Technologies INC Enigma BrowserFast BrowserFlashpeak Slim Browser+8 more
Timeline
PublishedJun 28
Latest updateMay 1

Description

Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages11 packages

NVDmaxthon/maxthon1.5.6_build_42
NVDnetcaptor/netcaptor4.5.7_personal
NVDflashpeak/slim_browser4.07_build_100

🔴Vulnerability Details

11
GHSA
GHSA-mvgc-fgw6-3gxx: Cross-domain vulnerability in Microsoft Internet Explorer 62022-05-01
GHSA
GHSA-6mmm-jx2q-hx92: Cross-domain vulnerability in PhaseOut 52022-05-01
GHSA
GHSA-fg3g-q7pq-h8mx: Cross-domain vulnerability in FineBrowser Freeware 32022-05-01
GHSA
GHSA-x92r-4rhh-jrqc: Cross-domain vulnerability in Fast Browser Pro 82022-05-01
GHSA
GHSA-rj75-vrwf-xch7: Cross-domain vulnerability in MYweb4net Browser 32022-05-01

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5.0.1 - OuterHTML redirection Handling Information Disclosure2006-06-27
CVE-2006-3280 — Microsoft vulnerability | cvebase