CVE-2006-3280

Microsoft Internet Explorer 6.0 - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3280. PoCs published by Plebo Aesdi Nael.

AI-analyzed exploit summary: This exploit demonstrates an information disclosure vulnerability in Microsoft Internet Explorer by bypassing cross-domain policies. It uses an object tag with a PHP redirect to fetch and display content from an arbitrary domain (e.g., Google) within the context of the victim's session.

Description

Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Plebo Aesdi Nael · html · remote · windows
https://www.exploit-db.com/exploits/28118

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Internet Explorer (versions affected by CVE-2006-3280)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Web server to host the exploit files (i.html and r.php)
devstral-2 · analyzed Feb 16, 2026

References (20)

Core References
Mailing List mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/438863/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20825
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/439146/100/0/threaded
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/883108
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27452
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016388
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/438785/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21396
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3212
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/438864/100/0/threaded
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/438811/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A738
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/438788/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18682
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2553

Scores

EPSS 0.5592
EPSS Percentile 98.9%

Details

Status published
Products (1)
microsoft/internet_explorer 6.0
Published Jun 28, 2006
Tracked Since Feb 18, 2026