CVE-2006-3639 — Microsoft IE vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

45.1%

top 2.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft IE Microsoft Internet Explorer

Timeline

PublishedAug 9

Latest updateMay 1

Description

Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer5.01

▶NVDmicrosoft/ie6

Patches

Patch: www.kb.cert.org ↗Patch: www.us-cert.gov ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-fcjr-w792-xxg9: Microsoft Internet Explorer 5↗2022-05-01

▶

CVEList

CVE-2006-3639: Microsoft Internet Explorer 5↗2006-08-09

▶