CVE-2008-2947 in Internet Explorerinfo

Summary

Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

06/30/2008

Disclosure

06/30/2008

Moderation

VulDB entry created

Entries

VDB-3744 (1)

CPE

ready

CWE

CWE-284 (Confirmed)

CVSS

5.4

EPSS

0.42038

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-2947
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-2947
CVE Details	https://www.cvedetails.com/cve/CVE-2008-2947/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!