Executive Summary

Informations
Name CVE-2006-3280 First vendor Publication 2006-06-28
Vendor Cve Last vendor Modification 2021-07-23

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3280

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:738
 
Oval ID: oval:org.mitre.oval:def:738
Title: Redirect Cross-Domain Information Disclosure Vulnerability
Description: Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2006-3280
 Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
 Product(s): Microsoft Internet Explorer
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
26956 Microsoft IE object.documentElement.outerHTML Cross-site Information Disclosure

Snort® IPS/IDS

Date Description
2014-01-10 DXImageTransform.Microsoft.NDFXArtEffects ActiveX function call access
RuleID : 8425 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 DXImageTransform.Microsoft.NDFXArtEffects ActiveX CLSID unicode access
RuleID : 7915 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 DXImageTransform.Microsoft.NDFXArtEffects ActiveX clsid access
RuleID : 7914 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 WM VIH2 Fix ActiveX CLSID unicode access
RuleID : 7501 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WM VIH2 Fix ActiveX clsid access
RuleID : 7500 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WM TV Out Smooth Picture Filter ActiveX CLSID unicode access
RuleID : 7499 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WM TV Out Smooth Picture Filter ActiveX clsid access
RuleID : 7498 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Volume ActiveX CLSID unicode access
RuleID : 7497 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Volume ActiveX clsid access
RuleID : 7496 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Virtual Source ActiveX CLSID unicode access
RuleID : 7495 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Virtual Source ActiveX clsid access
RuleID : 7494 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Virtual Renderer ActiveX CLSID unicode access
RuleID : 7493 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Virtual Renderer ActiveX clsid access
RuleID : 7492 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Switch Filter ActiveX CLSID unicode access
RuleID : 7491 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Switch Filter ActiveX clsid access
RuleID : 7490 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Screen capture Filter ActiveX CLSID unicode access
RuleID : 7489 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Screen capture Filter ActiveX clsid access
RuleID : 7488 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Screen Capture Filter Task Page ActiveX CLSID unicode access
RuleID : 7487 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Screen Capture Filter Task Page ActiveX clsid...
RuleID : 7486 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Sample Info Filter ActiveX CLSID unicode access
RuleID : 7485 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Sample Info Filter ActiveX clsid access
RuleID : 7484 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT MuxDeMux Filter ActiveX CLSID unicode access
RuleID : 7483 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT MuxDeMux Filter ActiveX clsid access
RuleID : 7482 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Log Filter ActiveX CLSID unicode access
RuleID : 7481 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Log Filter ActiveX clsid access
RuleID : 7480 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Interlacer ActiveX CLSID unicode access
RuleID : 7479 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Interlacer ActiveX clsid access
RuleID : 7478 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Import Filter ActiveX CLSID unicode access
RuleID : 7477 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Import Filter ActiveX clsid access
RuleID : 7476 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT FormatConversion ActiveX CLSID unicode access
RuleID : 7475 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT FormatConversion ActiveX clsid access
RuleID : 7474 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT FormatConversion Prop Page ActiveX CLSID unicode access
RuleID : 7473 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT FormatConversion Prop Page ActiveX clsid access
RuleID : 7472 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT DV Extract Filter ActiveX CLSID unicode access
RuleID : 7471 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT DV Extract Filter ActiveX clsid access
RuleID : 7470 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT DirectX Transform Wrapper ActiveX CLSID unicode access
RuleID : 7469 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT DirectX Transform Wrapper ActiveX clsid access
RuleID : 7468 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT DeInterlace Prop Page ActiveX CLSID unicode access
RuleID : 7467 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT DeInterlace Prop Page ActiveX clsid access
RuleID : 7466 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT DeInterlace Filter ActiveX CLSID unicode access
RuleID : 7465 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT DeInterlace Filter ActiveX clsid access
RuleID : 7464 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Black Frame Generator ActiveX CLSID unicode access
RuleID : 7463 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Black Frame Generator ActiveX clsid access
RuleID : 7462 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Audio Analyzer ActiveX CLSID unicode access
RuleID : 7461 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Audio Analyzer ActiveX clsid access
RuleID : 7460 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Wmm2fxb.dll ActiveX CLSID unicode access
RuleID : 7459 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Wmm2fxb.dll ActiveX clsid access
RuleID : 7458 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Wmm2fxa.dll ActiveX CLSID unicode access
RuleID : 7457 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Wmm2fxa.dll ActiveX clsid access
RuleID : 7456 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Wmm2ae.dll ActiveX CLSID unicode access
RuleID : 7455 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Wmm2ae.dll ActiveX clsid access
RuleID : 7454 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WM Color Converter Filter ActiveX CLSID unicode access
RuleID : 7453 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WM Color Converter Filter ActiveX clsid access
RuleID : 7452 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Stetch ActiveX CLSID unicode access
RuleID : 7451 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Stetch ActiveX clsid access
RuleID : 7450 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 ShotDetect ActiveX CLSID unicode access
RuleID : 7449 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer ShotDetect ActiveX clsid access
RuleID : 7448 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10 Record Queue ActiveX CLSID unicode access
RuleID : 7447 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Record Queue ActiveX clsid access
RuleID : 7446 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Mmedia.AsyncMHandler.1 ActiveX CLSID unicode access
RuleID : 7445 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Mmedia.AsyncMHandler.1 ActiveX clsid access
RuleID : 7444 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 mmAEPlugIn.AEPlugIn.1 ActiveX CLSID unicode access
RuleID : 7443 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer mmAEPlugIn.AEPlugIn.1 ActiveX clsid access
RuleID : 7442 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Frame Eater ActiveX CLSID unicode access
RuleID : 7438 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Frame Eater ActiveX clsid access
RuleID : 7437 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Dynamic Casts ActiveX function call
RuleID : 7436 - Revision : 16 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Dynamic Casts ActiveX clsid access
RuleID : 7435 - Revision : 19 - Type : BROWSER-PLUGINS
2014-01-10 DirectX Transform Wrapper Property Page ActiveX CLSID unicode access
RuleID : 7434 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer DirectX Transform Wrapper Property Page ActiveX c...
RuleID : 7433 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 DirectFrame.DirectControl.1 ActiveX CLSID unicode access
RuleID : 7432 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer DirectFrame.DirectControl.1 ActiveX clsid access
RuleID : 7431 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Bitmap ActiveX CLSID unicode access
RuleID : 7430 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Bitmap ActiveX clsid access
RuleID : 7429 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Allocator Fix ActiveX CLSID unicode access
RuleID : 7428 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Allocator Fix ActiveX clsid access
RuleID : 7427 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 9x8Resize ActiveX CLSID unicode access
RuleID : 7426 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer 9x8Resize ActiveX clsid access
RuleID : 7425 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer cross domain information disclosure attempt
RuleID : 18194 - Revision : 7 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer cross domain information disclosure attempt
RuleID : 18193 - Revision : 8 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer cross domain information disclosure attempt
RuleID : 16045 - Revision : 10 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date Description
2006-08-08 Name : Arbitrary code can be executed on the remote host through the web client.
File : smb_nt_ms06-042.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/18682
BUGTRAQ http://www.securityfocus.com/archive/1/438785/100/0/threaded
http://www.securityfocus.com/archive/1/438788/100/0/threaded
http://www.securityfocus.com/archive/1/438811/100/0/threaded
http://www.securityfocus.com/archive/1/438863/100/0/threaded
http://www.securityfocus.com/archive/1/438864/100/0/threaded
http://www.securityfocus.com/archive/1/439146/100/0/threaded
CERT http://www.us-cert.gov/cas/techalerts/TA06-220A.html
CERT-VN http://www.kb.cert.org/vuls/id/883108
FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html
MISC http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930...
http://secunia.com/internet_explorer_information_disclosure_vulnerability_test
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06...
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK http://securitytracker.com/id?1016388
SECUNIA http://secunia.com/advisories/20825
http://secunia.com/advisories/21396
VUPEN http://www.vupen.com/english/advisories/2006/2553
http://www.vupen.com/english/advisories/2006/3212
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/27452

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Date Informations
2021-07-27 00:24:35
  • Multiple Updates
2021-07-24 01:44:13
  • Multiple Updates
2021-07-24 01:02:42
  • Multiple Updates
2021-07-23 17:24:39
  • Multiple Updates
2021-05-04 12:04:14
  • Multiple Updates
2021-04-22 01:04:52
  • Multiple Updates
2020-05-23 00:18:00
  • Multiple Updates
2018-10-18 21:20:13
  • Multiple Updates
2018-10-13 00:22:34
  • Multiple Updates
2017-10-11 09:23:42
  • Multiple Updates
2017-07-20 09:23:42
  • Multiple Updates
2016-04-26 14:48:01
  • Multiple Updates
2014-02-17 10:36:16
  • Multiple Updates
2014-01-19 21:23:22
  • Multiple Updates
2013-05-11 11:01:36
  • Multiple Updates