CVE-2007-3481

EPSS 18.76%
Published 28.06.2007 18:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.  NOTE: this issue has been disputed by other researchers, citing a variable scoping issue and information about the semantics of document.domain

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer Version6

Microsoft ≫ Internet Explorer Version7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	18.76%	0.947

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://osvdb.org/38953

http://www.0x000000.com/?i=371

http://www.securityfocus.com/bid/24704

https://nvd.nist.gov/vuln/detail/CVE-2007-3481

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3481

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3481

EUVD