|
|
CVE Reference: CVE-2008-2948 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-2948 |
|
|
Description: Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector. |
|
|
CVE Status: Candidate |
|
|
References: SAID Secunia Advisory: SA30851 MISC http://www.gnucitizen.org/blog/ghost-busters/ http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD http://sirdarckcat.blogspot.com/2008/05/ghosts-for-ie8-and-ie75730.html http://blogs.zdnet.com/security/?p=1348 CERT-VN 516627 |
|
| Return to the previous page. |
