CVE-2005-4827

Name of the Vulnerable Software and Affected Versions Internet Explorer version 6.0

Description The issue allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain. This is achieved by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name). This method is supported by some proxy servers that convert tabs to spaces, which can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.

Recommendations For Internet Explorer version 6.0, consider disabling the use of XMLHttpRequest objects until a patch is available. Restrict access to sensitive domains and resources to minimize the risk of exploitation. Avoid using the open method with unvalidated input in the method name argument.