Vulnerability Note VU#883108
Microsoft Internet Explorer HTML Document object cross-domain vulnerability
Microsoft Internet Explorer contains a cross-domain vulnerability in how it handles redirected object data. This could allow an attacker to access the content of a web page in a different domain.
The Cross-Domain Security Model
IE uses a cross-domain security model to maintain separation between browser frames from different sources. This model is designed to prevent code in one domain from accessing data in a different domain. The Internet Security Manager Object determines which zone or domain a URL exists in and what actions can be performed. From Microsoft Security Bulletin MS03-048:
The HTML Document object provides the core HTML rendering functionality of the Internet Explorer web browser. This object is provided by the file mshtml.dll. A web page can make use of the HTML Document object as an ActiveX control by using the <OBJECT> tag.
The HTML Document object fails to enforce the cross-domain security model when it encounters an HTTP redirect to a site that responds with an HTTP "Cache-Control: private" header.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), an attacker may be able to obtain access to web content in another domain. The impact is similar to that of a cross-site scripting vulnerability. For a more detailed description of the impact of cross-site scripting vulnerabilities, please see CERT Advisory CA-2000-02.
Apply an update
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Affected | 28 Jun 2006 | 08 Aug 2006 |
This vulnerability was publicly disclosed by Plebo Aesdi Nael.
This document was written by Will Dormann.
- CVE IDs: CVE-2006-3280
- Date Public: 27 Jun 2006
- Date First Published: 28 Jun 2006
- Date Last Updated: 08 Aug 2006
- Severity Metric: 11.34
- Document Revision: 12