CVE-2005-4089

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer (affected versions not specified)

Description The issue allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information. This is achieved by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files. An attacker could exploit this by constructing a specially crafted Web page that could lead to information disclosure if a user visits the site or clicks a link in a specially crafted e-mail message. The attacker could read file data from another Internet Explorer domain, but user interaction is required.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.