CVE-2008-2949

{"id": "CVE-2008-2949", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": true}]}, "published": "2008-06-30T22:41:00.000", "references": [{"url": "http://blogs.zdnet.com/security/?p=1348", "source": "cve@mitre.org"}, {"url": "http://sirdarckcat.blogspot.com/2008/05/browsers-ghost-busters.html", "source": "cve@mitre.org"}, {"url": "http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/516627", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1941/references", "source": "cve@mitre.org"}, {"url": "http://blogs.zdnet.com/security/?p=1348", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sirdarckcat.blogspot.com/2008/05/browsers-ghost-busters.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/516627", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1941/references", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-domain en Microsoft Internet Explorer versiones 6 y 7, permite a los atacantes remotos cambiar la propiedad de ubicaci\u00f3n de una trama por medio del tipo de dato String y usar una trama de un dominio diferente para observar eventos independientes del dominio, como es demostrado mediante la observaci\u00f3n de eventos onkeydown con caballero-listener. NOTA: seg\u00fan Microsoft, este es un duplicado del CVE-2008-2947, posiblemente un vector de ataque diferente."}], "lastModified": "2024-11-21T00:48:05.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}