ID CVE-2006-1191
Summary Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 12-10-2018 - 21:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:N
oval via4
  • accepted 2011-05-16T04:00:40.668-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site.
    family windows
    id oval:org.mitre.oval:def:1251
    status accepted
    submitted 2006-04-12T12:55:00.000-04:00
    title IE6 Cross-Domain Information Disclosure Vulnerability (WinXP)
    version 68
  • accepted 2011-05-16T04:01:38.707-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site.
    family windows
    id oval:org.mitre.oval:def:1710
    status accepted
    submitted 2006-04-12T12:55:00.000-04:00
    title IE6 Cross-Domain Information Disclosure Vulnerability (Server 2003,SP1)
    version 67
refmap via4
bid 17457
ms MS06-013
sectrack 1015892
secunia 18957
vupen ADV-2006-1318
xf ie-popup-zone-bypass(25555)
Last major update 12-10-2018 - 21:39
Published 11-04-2006 - 23:02
Back to Top