PT-2007-4742 · Microsoft · Internet Explorer

Published: 2007-06-28 · Updated: 2024-08-07 · CVE-2007-3481

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 7

Description: A cross-domain issue allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript. This is achieved by overwriting the document variable and statically setting the document.domain attribute. The issue has been disputed by other researchers, who cite a variable scoping issue and information about the semantics of document.domain.

Recommendations: For Microsoft Internet Explorer versions 6 and 7, as a temporary workaround, consider restricting the use of JavaScript that overwrites the document variable and sets the document.domain attribute until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2007-3481

Affected Products: Internet Explorer