CVE-2006-4560

Exploit

EPSS 21.47%
Veröffentlicht 06.09.2006 00:04:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Ie Version6 Updatewindows_server_2003_sp1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	21.47%	0.955

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://polyboy.net/xss/dnsslurp.html

Exploit

URL Repurposed

http://shampoo.antville.org/stories/1451301/

http://www.osvdb.org/31329

http://www.securityfocus.com/archive/1/443209/100/200/threaded

https://nvd.nist.gov/vuln/detail/CVE-2006-4560

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-4560

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-4560

EUVD