Computer Security
[EN] securityvulns.ru no-pyccku


Multiple Microsoft Internet Explorer and Windows security vulnerabilities
updated since 28.06.2006
Published:09.08.2006
Source:
SecurityVulns ID:6314
Type:client
Threat Level:
7/10
Description:Cross-domain page content access, MSHTA code execution.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Internet Explorer 6.0
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 GOSURF : GoSuRF Browser 2.62
 FASTBROWSER : Fast Browser Pro 8.1
 ENIGMA : Enigma Browser 3.8
 NETCAPTOR : NetCaptor 4.5
 SLIMBROWSER : Slim Browser 4.07
 FINEBROWSER : FineBrowser 3.2
 PHASEOUT : PhaseOut 5.4
 MAXTHON : Maxthon 1.5
 GREENBROWSER : GreenBrowser 3.4
 MYWEB4NET : MYweb4net Browser 3.8
CVE:CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-3280 (Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability.")
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS06-045 Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) (08.08.2006)
 documentPlebo Aesdi Nael, IE_ONE_MINOR_ONE_MAJOR (28.06.2006)
Files:Microsoft Security Bulletin MS06-045 Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod