CVE-2006-3280
First published: Wed Jun 28 2006(Updated: )
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Internet Explorer | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html
- http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj
- http://www.securityfocus.com/bid/18682
- http://secunia.com/advisories/20825
- http://www.kb.cert.org/vuls/id/883108
- http://securitytracker.com/id?1016388
- http://secunia.com/internet_explorer_information_disclosure_vulnerability_test
- http://www.us-cert.gov/cas/techalerts/TA06-220A.html
- http://secunia.com/advisories/21396
- http://www.vupen.com/english/advisories/2006/2553
- http://www.vupen.com/english/advisories/2006/3212
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27452
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A738
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042
- http://www.securityfocus.com/archive/1/439146/100/0/threaded
- http://www.securityfocus.com/archive/1/438864/100/0/threaded
- http://www.securityfocus.com/archive/1/438863/100/0/threaded
- http://www.securityfocus.com/archive/1/438811/100/0/threaded
- http://www.securityfocus.com/archive/1/438788/100/0/threaded
- http://www.securityfocus.com/archive/1/438785/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3280?
CVE-2006-3280 is considered a moderate severity vulnerability.
How do I fix CVE-2006-3280?
To fix CVE-2006-3280, upgrade to a version of Microsoft Internet Explorer that is not affected, specifically versions after 6.0.
What does CVE-2006-3280 exploit?
CVE-2006-3280 exploits a cross-domain vulnerability in Microsoft Internet Explorer 6.0 to access restricted information from other domains.
What software is affected by CVE-2006-3280?
CVE-2006-3280 affects Microsoft Internet Explorer version 6.0.
Can CVE-2006-3280 be mitigated?
Mitigation for CVE-2006-3280 can include applying security patches and using alternative web browsers.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/internet explorer
- version/internet explorer/6.0