PT-2006-4174 · Microsoft · Internet Explorer

Plebo Aesdi Nael

Published 2006-06-28 · Updated 2021-07-23 · CVE-2006-3280

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer version 6.0

Description

The issue allows remote attackers to access restricted information from other domains. This is achieved through an object tag with a data parameter that references a link on the attacker's site, which then makes the content available through the outerHTML attribute of the object. An attacker could exploit this by constructing a specially crafted Web page, allowing for information disclosure if a user views the page. The vulnerability requires the targeted Web page to use gzip encoding or another compression type supported by Internet Explorer and to be cached on the client side.

Recommendations

For Microsoft Internet Explorer version 6.0, consider disabling the use of object tags with data parameters that reference external links as a temporary workaround until a patch is available. Restrict access to cached Web pages that use gzip encoding or other compression types to minimize the risk of exploitation.
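
The two preconditions named in the description (a compressed response that is cached on the client) can be audited from the server side. The following is an added example, not part of the original advisory: it flags responses that meet both. Assumptions: any Content-Encoding other than identity counts as compression, a response is treated as client-cacheable unless it carries Cache-Control: no-store, and the sample paths and headers are constructed.

```python
def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercase-name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def tokens(headers, name):
    """Return the lowercase comma-separated tokens of a header, without '=value'."""
    found = set()
    for value in headers.get(name, []):
        for tok in value.split(","):
            tok = tok.strip().lower().split("=", 1)[0]
            if tok:
                found.add(tok)
    return found


def meets_preconditions(raw):
    """True if the response is compressed AND may be stored by the client."""
    headers = parse_headers(raw)
    # Assumption: anything other than 'identity' is a compression coding.
    compressed = bool(tokens(headers, "content-encoding") - {"identity"})
    # Assumption: only 'no-store' is taken as proof the client keeps no copy.
    storable = "no-store" not in tokens(headers, "cache-control")
    return compressed and storable


def audit(responses):
    """Return the paths whose responses meet both preconditions."""
    return [path for path, raw in responses.items() if meets_preconditions(raw)]


# Constructed sample responses (not from the advisory).
SAMPLES = {
    "/account": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                "Content-Encoding: gzip\r\nCache-Control: private, max-age=600\r\n",
    "/statement": "HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n"
                  "Cache-Control: no-store\r\n",
    "/help": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "Cache-Control: max-age=3600\r\n",
}

if __name__ == "__main__":
    for path in audit(SAMPLES):
        print("compressed and client-cacheable:", path)
```
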

Exploit

Fix

Related Identifiers

CVE-2006-3280

Affected Products

Internet Explorer