CVE-2007-3481

Published: Jun 28, 2007Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue has been disputed by other researchers, citing a variable scoping issue and information about the semantics of document.domain

Affected (2)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6
Microsoft Internet Explorer	Version 7

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

http://osvdb.org/38953

Source: cve@mitre.org

http://www.0x000000.com/?i=371

Source: cve@mitre.org

http://www.securityfocus.com/bid/24704

Source: cve@mitre.org

http://osvdb.org/38953

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.0x000000.com/?i=371

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24704

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.