CVE-2006-4560

Exploit

EPSS 21.47%
Published 06.09.2006 00:04:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Ie Version6 Updatewindows_server_2003_sp1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	21.47%	0.955

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://polyboy.net/xss/dnsslurp.html

Exploit

URL Repurposed

http://shampoo.antville.org/stories/1451301/

http://www.osvdb.org/31329

http://www.securityfocus.com/archive/1/443209/100/200/threaded

https://nvd.nist.gov/vuln/detail/CVE-2006-4560

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-4560

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-4560

EUVD