| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.9 | $0-$5k | 0.00 |
Summary
A vulnerability marked as problematic has been reported in Microsoft Internet Explorer up to 6. Impacted is an unknown function of the component CSS Handler. This manipulation causes access control. This vulnerability appears as CVE-2005-4089. The attack may be initiated remotely. In addition, an exploit is available. Applying a patch is the recommended action to fix this issue.
Details
A vulnerability was found in Microsoft Internet Explorer up to 6 (Web Browser). It has been declared as problematic. Affected by this vulnerability is an unknown code of the component CSS Handler. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect confidentiality. The summary by CVE is:
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
The weakness was presented 06/13/2006 by Andreas Sandblad as MS06-021 as confirmed bulletin (Technet). The advisory is shared at microsoft.com. This vulnerability is known as CVE-2005-4089 since 12/08/2005. The attack can be launched remotely. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. Technical details are unknown but a public exploit is available. MITRE ATT&CK project uses the attack technique T1068 for this issue.
After before and not just, there has been an exploit disclosed. It is possible to download the exploit at secunia.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $25k-$100k. The commercial vulnerability scanner Qualys is able to test this issue with plugin 100035 (Cumulative Security Update for Internet Explorer Missing (MS06-021)).
Applying the patch MS06-021 is able to eliminate this problem. The bugfix is ready for download at windowsupdate.microsoft.com. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 12526.
The vulnerability is also documented in the databases at X-Force (25634), SecurityFocus (BID 15660†), OSVDB (24465†), Secunia (SA17564†) and SecurityTracker (ID 1016291†). Additional details are provided at news.com.com. See VDB-2126, VDB-2289, VDB-2290 and VDB-2291 for similar entries. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
Version
License
Support
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 5.9
VulDB Base Score: 6.5
VulDB Temp Score: 5.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Patch: MS06-021
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
12/01/2005 🔍12/08/2005 🔍
12/08/2005 🔍
12/08/2005 🔍
12/08/2005 🔍
04/03/2006 🔍
04/04/2006 🔍
06/13/2006 🔍
06/13/2006 🔍
06/14/2006 🔍
06/14/2006 🔍
06/22/2025 🔍
Sources
Vendor: microsoft.comAdvisory: MS06-021
Researcher: Andreas Sandblad
Status: Confirmed
CVE: CVE-2005-4089 (🔍)
GCVE (CVE): GCVE-0-2005-4089
GCVE (VulDB): GCVE-100-2293
OVAL: 🔍
X-Force: 25634 - Microsoft Internet Explorer .swf address bar spoofing, Medium Risk
SecurityFocus: 15660 - Microsoft Internet Explorer CSS Import Cross-Domain Restriction Bypass Vulnerability
Secunia: 17564 - Internet Explorer CSS Import Information Disclosure, Less Critical
OSVDB: 24465 - Microsoft IE Window Loading Race Condition Address Bar Spoofing
SecurityTracker: 1016291 - Microsoft Internet Explorer Multiple Memory and Access Control Errors Let Remote Users Execute Arbitrary Code
Vulnerability Center: 11912 - [MS06-021] Internet Explorer Authentication Bypass via CSS Files Import, Medium
Vupen: ADV-2006-2319
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
See also: 🔍
Entry
Created: 06/14/2006 12:45Updated: 06/22/2025 05:13
Changes: 06/14/2006 12:45 (89), 04/07/2017 12:01 (11), 06/22/2025 05:13 (18)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.