Definition
New Search
CSS Cross-Domain Information Disclosure Vulnerability (S03SP1)
oval:org.mitre.oval:def:1556
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files as demonstrated using Google Desktop aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
Family:
windows
Status:
ACCEPTED
Platform(s):
- Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
- CVE-2005-4089
Product(s):
- Microsoft Internet Explorer