PT-2008-4385 · Microsoft · Internet Explorer

Eduardo Vela

Publicado

2008-06-30

Atualizado

2021-07-23

CVE-2008-2948

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 7 through 8

Description A cross-domain issue allows remote attackers to change the location property of a frame via the Object data type. This can be used to observe domain-independent events, such as onkeydown events, using a frame from a different domain.

Recommendations For Microsoft Internet Explorer versions 7 and 8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2008-2948

Produtos afetados

Internet Explorer

PT-2008-4385 · Microsoft · Internet Explorer

CVE-2008-2948

Identificadores relacionados

Produtos afetados

Referências · 9