製品・ソフトウェアに関する情報

JVN脆弱性詳細

Microsoft Internet Explorer 6 における page プロパティを偽装される脆弱性

Title	Microsoft Internet Explorer 6 における page プロパティを偽装される脆弱性
Summary	Microsoft Internet Explorer 6 には、URL バー、および SSL 証明書を含む page プロパティを偽装される脆弱性が存在します。
Possible impacts	第三者により、ロケーション DOM オブジェクトおよび setTimeout 呼び出しの特定の使用でページ読み込みを解釈されることで、URL バー、および SSL 証明書を含む page プロパティを偽造される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	June 6, 2007, midnight
Registration Date	Sept. 25, 2012, 4:47 p.m.
Last Update	Sept. 25, 2012, 4:47 p.m.

Affected System

マイクロソフト

Microsoft Internet Explorer 6

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-3092	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3092
National Vulnerability Database (NVD)
2	CVE-2007-3092	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3092

ベンダー情報

No	Name	URL
Microsoft
1	Internet Explorer	http://windows.microsoft.com/en-US/internet-explorer/downloads/ie

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-3092

Summary	Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks.
Summary	Microsoft Internet Explorer 6 permite a atacantes remotos falsificar la barra de URL, y las propiedades de la página incluyendo certificados SSL, interrumpiendo la carga de la página mediante determinado uso de objetos de localización DOM y llamadas a setTimeout. NOTA: este problema puede ser aprovechado para ataques de fraude (phishing) y otros.
Publication Date	June 7, 2007, 6:30 a.m.
Registration Date	Jan. 29, 2021, 2:14 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*
cpe:2.3:a:microsoft:internet_explorer:6.0:sp1::::::
cpe:2.3:a:microsoft:internet_explorer:6.0:sp2::::::

Related information, measures and tools

No	URL	refsource
1	http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html	cve@mitre.org
2	http://lcamtuf.coredump.cx/ietrap2/	cve@mitre.org
3	http://osvdb.org/45437	cve@mitre.org
4	http://secunia.com/advisories/25564	cve@mitre.org
5	http://securityreason.com/securityalert/2781	cve@mitre.org
6	http://securitytracker.com/id?1018193	cve@mitre.org
7	http://www.securityfocus.com/archive/1/470446/100/0/threaded	cve@mitre.org
8	http://www.securityfocus.com/bid/24298	cve@mitre.org
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/34705	cve@mitre.org
10	http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html	af854a3a-2127-422b-91ae-364da2661108
11	http://lcamtuf.coredump.cx/ietrap2/	af854a3a-2127-422b-91ae-364da2661108
12	http://osvdb.org/45437	af854a3a-2127-422b-91ae-364da2661108
13	http://secunia.com/advisories/25564	af854a3a-2127-422b-91ae-364da2661108
14	http://securityreason.com/securityalert/2781	af854a3a-2127-422b-91ae-364da2661108
15	http://securitytracker.com/id?1018193	af854a3a-2127-422b-91ae-364da2661108
16	http://www.securityfocus.com/archive/1/470446/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
17	http://www.securityfocus.com/bid/24298	af854a3a-2127-422b-91ae-364da2661108
18	https://exchange.xforce.ibmcloud.com/vulnerabilities/34705	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List