CVE-2008-2947Improper Access Control in Microsoft Internet Explorer

CWE-284Improper Access Control6 documents2 sources
Severity
6.8MEDIUMNVD
EPSS
42.0%
top 2.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedJun 30
Latest updateMay 1

Description

Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different atta

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDmicrosoft/internet_explorer4 versions+3

🔴Vulnerability Details

3
GHSA
GHSA-97qf-jfmw-g24f: Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String da2022-05-01
GHSA
GHSA-ww6f-jp5h-g5hq: Cross-domain vulnerability in Microsoft Internet Explorer 52022-05-01
GHSA
GHSA-c5jv-q5g8-55g4: Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object da2022-05-01
CVE-2008-2947 — Improper Access Control in Microsoft | cvebase