cbcvebase.
CVE-2006-3280
published 2006-06-28

CVE-2006-3280: Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag…

PriorityP337high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
55.92%
98.9th percentile
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."

Affected

11 ranges
VendorProductVersion rangeFixed in
advanced_search_technologies_incenigma_browser
fast_browserfast_browser
flashpeakslim_browser
gosurf_browsergosurf_browser
maxthonmaxthon
microsoftinternet_explorer
more_quick_toolsgreenbrowser
myweb4netmyweb4net_browser
netcaptornetcaptor
phaseoutphaseout
softinformfinebrowser

Detection & IOCsextracted from sources · hover to see the quote

filenamei.html
filenamer.php
commandsetTimeout('alert(o.object.documentElement.outerHTML)',1000)
  • Look for HTML pages using an <object> tag with a 'data' parameter pointing to an attacker-controlled redirect (e.g., r.php) that issues a Location HTTP header to a cross-domain target, combined with outerHTML access in JavaScript.
  • Detect JavaScript use of 'documentElement.outerHTML' on an embedded object element, which is the mechanism used to exfiltrate cross-domain page content in this exploit.
  • Monitor for HTTP responses from attacker-controlled servers that issue a Location redirect header pointing to a third-party/target domain, where the initial request originated from an <object data=...> tag load.
  • ·The proof-of-concept exploit is described as incomplete; it demonstrates feasibility but may not be a fully weaponized payload.
  • ·The vulnerability was confirmed on a specific platform (Windows Server 2003 Enterprise Edition SP1); detection rules should account for the fact that exploitation context is tied to Internet Explorer's cross-domain policy enforcement.
  • ·A similar variant of this cross-domain outerHTML vulnerability also affects Slim Browser 4.07 build 100, so detection logic should not be scoped exclusively to Internet Explorer.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.