CVE-2005-4089 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2005-4089
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-4089

Description: Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."

CVE Status: Candidate

References: ST 1016291 SAID Secunia Advisory: SA17564 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1556 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1800 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1838 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1914 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1977 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1985 MS http://www.microsoft.com/technet/security/bulletin/ms06-021.mspx MISC http://www.hacker.co.il/security/ie/css_import.html BID 15660

Return to the previous page.