CVE-2007-3481
Microsoft Internet Explorer 6 and 7 - Cross-Domain Information Disclosure via JavaScript Document Variable Overwrite
Title source: llmDescription
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue has been disputed by other researchers, citing a variable scoping issue and information about the semantics of document.domain
References (3)
Core 3
Core References
Various Sources x_refsource_misc
http://www.0x000000.com/?i=371
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38953
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24704
Scores
EPSS
0.1585
EPSS Percentile
96.5%
Details
CWE
CWE-119
Status
published
Products (2)
microsoft/internet_explorer
6
microsoft/internet_explorer
7
Published
Jun 28, 2007
Tracked Since
Feb 18, 2026