Signature Detail
Short Name |
HTTP:STC:IE:CROSS-DOMAIN-INFO |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
Internet Explorer Cross Domain Information Disclosure (CVE-2006-3280) |
Release Date |
2010/09/10 |
Update Number |
1770 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Internet Explorer Cross Domain Information Disclosure (CVE-2006-3280)
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. Attackers can use the vulnerability to disclose information.
Extended Description
Microsoft Internet Explorer is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain policies. This issue may allow attackers to access arbitrary websites in the context of a targeted user's browser session. This may allow attackers to perform actions in web applications with the privileges of exploited users or to gain access to potentially sensitive information. This may aid attackers in further attacks.
Affected Products
- Microsoft Internet Explorer 5.0
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.0.1 SP4
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
- Nortel Networks CallPilot 1002Rp
- Nortel Networks CallPilot 200I
- Nortel Networks CallPilot 201I
- Nortel Networks CallPilot 702T
- Nortel Networks CallPilot 703T
- Nortel Networks Centrex IP Client Manager
- Nortel Networks Centrex IP Element Manager
- Nortel Networks Contact Center - Agent Desktop Display
- Nortel Networks Symposium Agent
References
- BugTraq: 18682
- CVE: CVE-2006-3280