CVE-2008-3474Sensitive Information Exposure in Microsoft Internet Explorer

CWE-200Sensitive Information Exposure2 documents2 sources
Severity
6.5MEDIUMNVD
EPSS
48.9%
top 2.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedOct 15
Latest updateMay 2

Description

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDmicrosoft/internet_explorer5.01, 6, 7+2

🔴Vulnerability Details

1
GHSA
GHSA-fv89-5gfc-wwfc: Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to2022-05-02
CVE-2008-3474 — Sensitive Information Exposure | cvebase