CVE-2008-3473 - компьютерная безопасность: уязвимости и эксплоиты

[RU] switch to
English Version

CVE CVE-2008-3473
Статус Candidate
Описание Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability."
Важность High
CVSS score 9,3
CVSS vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Phase Assigned (26.01.2012)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3473
References BID : 31616
CERT : TA08-288A
HP : HPSBST02379
HP : SSRT080143
MS : MS08-058
SECTRACK : 1021047
VUPEN : ADV-2008-2809
XF : ie-event-security-bypass(45562)
XF : win-ms08kb956390-update(45565)
SecurityVulns: Многочисленные уязвимости безопасности в Microsoft Internet Explorer

test server