New Search

CSS Cross-Domain Information Disclosure Vulnerability (Win2K)

oval:org.mitre.oval:def:1800

Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files as demonstrated using Google Desktop aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2005-4089
Product(s):
  • Microsoft Internet Explorer