Info

Disclosure

Aug 08, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 08, 2008

Description

Microsoft Internet Explorer contains a flaw that may allow a malicious user to read cross-domain web pages and possibly execute code via unspecified vectors involving a specially crafted web page. It is possible that the flaw may allow execution of code resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Workaround, Patch / RCS
Exploit: Exploit Rumored
Disclosure: OSVDB Verified, Vendor Verified

Solution

Microsoft has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): Disable active scripting and activeX controls.

Products

Microsoft Corporation	Internet Explorer	5
		6

References

Security Tracker: 1016663
Bugtraq ID: 19400
CVE ID: 2006-3639 (see also: NVD)
Secunia Advisory ID: 21396
SCIP VulDB ID: 2442
CERT VU: 252764
Related OSVDB ID: 27850 27852 27853 27854 27855
Microsoft Knowledge Base Article: 918899
VUPEN Advisory: ADV-2006-3212
Keyword: aka "Source Element Cross-Domain Vulnerability."
News Article: http://www.techworld.com/security/news/index.cfm?newsID=6581
Microsoft Security Bulletin: MS06-042

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/27851

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit