CVE-2007-3092 - OpenCVE

Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Internet Explorer

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:6.0:sp2::::::

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html	Broken Link
http://lcamtuf.coredump.cx/ietrap2/	Broken Link
http://osvdb.org/45437	Broken Link
http://secunia.com/advisories/25564	Not Applicable
http://securityreason.com/securityalert/2781	Exploit Third Party Advisory
http://securitytracker.com/id?1018193	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/470446/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/24298	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/34705	VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-06T21:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-06-06T00:00:00

Link: CVE-2007-3092

JSON object: View

NVD Information

Status : Analyzed

Published: 2007-06-06T21:30:00.000

Modified: 2021-12-13T18:54:51.270

Link: CVE-2007-3092

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-04T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "45437", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/45437"}, {"name": "1018193", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018193"}, {"name": "25564", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25564"}, {"name": "20070604 Assorted browser vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html"}, {"name": "20070604 Assorted browser vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/470446/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://lcamtuf.coredump.cx/ietrap2/"}, {"name": "2781", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2781"}, {"name": "ie-location-url-spoofing(34705)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34705"}, {"name": "24298", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24298"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3092", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "45437", "refsource": "OSVDB", "url": "http://osvdb.org/45437"}, {"name": "1018193", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018193"}, {"name": "25564", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25564"}, {"name": "20070604 Assorted browser vulnerabilities", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html"}, {"name": "20070604 Assorted browser vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/470446/100/0/threaded"}, {"name": "http://lcamtuf.coredump.cx/ietrap2/", "refsource": "MISC", "url": "http://lcamtuf.coredump.cx/ietrap2/"}, {"name": "2781", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2781"}, {"name": "ie-location-url-spoofing(34705)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34705"}, {"name": "24298", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24298"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3092", "datePublished": "2007-06-06T21:00:00", "dateReserved": "2007-06-06T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "587026A7-5480-4B30-8E73-6A9BB31FBCAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "1A4B3552-95CE-41AC-83C1-BF93558329D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks."}, {"lang": "es", "value": "Microsoft Internet Explorer 6 permite a atacantes remotos falsificar la barra de URL, y las propiedades de la p\u00e1gina incluyendo certificados SSL, interrumpiendo la carga de la p\u00e1gina mediante determinado uso de objetos de localizaci\u00f3n DOM y llamadas a setTimeout. NOTA: este problema puede ser aprovechado para ataques de fraude (phishing) y otros."}], "id": "CVE-2007-3092", "lastModified": "2021-12-13T18:54:51.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-06-06T21:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lcamtuf.coredump.cx/ietrap2/"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://osvdb.org/45437"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/25564"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://securityreason.com/securityalert/2781"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1018193"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/470446/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/24298"}, {"source": "cve@mitre.org", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34705"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}