NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2008-2947

Summary	Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.
Publication Date	July 1, 2008, 7:41 a.m.
Registration Date	Jan. 29, 2021, 1:38 p.m.
Last Update	Oct. 13, 2018, 6:47 a.m.

CVSS2.0 : MEDIUM
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:microsoft:internet_explorer:5.01:sp4::::::
cpe:2.3:a:microsoft:internet_explorer:6:::::::*
cpe:2.3:a:microsoft:internet_explorer:7:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://blogs.zdnet.com/security/?p=1348	MISC	Press/Media Coverage
2	http://marc.info/?l=bugtraq&m=122479227205998&w=2	HP	Mailing List
3	http://secunia.com/advisories/30857	SECUNIA	Permissions Required Vendor Advisory
4	http://www.kb.cert.org/vuls/id/923508	CERT-VN	Third Party Advisory US Government Resource
5	http://www.ph4nt0m.org-a.googlepages.com/PSTZine_0x02_0x04.txt	MISC	Exploit
6	http://www.securityfocus.com/bid/29960	BID	Third Party Advisory VDB Entry
7	http://www.securitytracker.com/id?1020382	SECTRACK	Third Party Advisory VDB Entry
8	http://www.us-cert.gov/cas/techalerts/TA08-288A.html	CERT	Third Party Advisory US Government Resource
9	http://www.vupen.com/english/advisories/2008/1940/references	VUPEN	Broken Link
10	http://www.vupen.com/english/advisories/2008/2809	VUPEN	Broken Link
11	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058	MS
12	https://exchange.xforce.ibmcloud.com/vulnerabilities/43366	XF
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/45565	XF
14	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5901	OVAL

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-284	不適切なアクセス制御	https://cwe.mitre.org/data/definitions/284.html