Window Location Property Cross-Domain VulnerabilityID: oval:org.mitre.oval:def:5901 | Date: (C)2008-10-14 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows XP |
Product: |
Microsoft Internet Explorer 5.01 |
Microsoft Internet Explorer 6 |
Microsoft Internet Explorer 7 |