CVE-2007-3481

Microsoft Internet Explorer 6 and 7 - Cross-Domain Information Disclosure via JavaScript Document Variable Overwrite

Title source: llm
STIX 2.1

Description

Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue has been disputed by other researchers, citing a variable scoping issue and information about the semantics of document.domain

References (3)

Core 3
Core References
Various Sources x_refsource_misc
http://www.0x000000.com/?i=371
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38953
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24704

Scores

EPSS 0.1585
EPSS Percentile 96.5%

Details

CWE
CWE-119
Status published
Products (2)
microsoft/internet_explorer 6
microsoft/internet_explorer 7
Published Jun 28, 2007
Tracked Since Feb 18, 2026