4.3

CVE-2007-3576

Exploit
Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes.  NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.87% 0.958
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0
Exploit
http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/
Exploit
http://osvdb.org/45813
http://sla.ckers.org/forum/read.php?2%2C13209%2C13218
http://www.0x000000.com/?i=375
Exploit