CVE-2009-3003 — Microsoft Internet Explorer vulnerability

2 documents2 sources

Severity

4.3MEDIUMNVD

EPSS

22.7%

top 4.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedAug 28

Latest updateMay 2

Description

Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer6, 7, 8+2

🔴Vulnerability Details

GHSA

GHSA-69jj-5437-wm23: Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window↗2022-05-02

▶