Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.
Software | From | Fixed in |
---|---|---|
microsoft / internet_explorer | 5.01-sp4 | 5.01-sp4.x |
microsoft / internet_explorer | 6 | 6.x |
microsoft / internet_explorer | 7 | 7.x |