CVE-2008-3473

Published: Oct 15, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability."

Affected (4)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 5.01 sp4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6 sp1

Running on/with	Platform Versions
Microsoft Windows 2000	All versions

Configuration D

1 vulnerable · 15 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7

Running on/with	Platform Versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Related CWEs

References (18)

http://marc.info/?l=bugtraq&m=122479227205998&w=2

Source: secure@microsoft.com

Mailing ListRelease NotesThird Party Advisory

http://www.securityfocus.com/bid/31616

Source: secure@microsoft.com

PatchThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1021047

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA08-288A.html

Source: secure@microsoft.com

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2008/2809

Source: secure@microsoft.com

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058

Source: secure@microsoft.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/45562

Source: secure@microsoft.com

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/45565

Source: secure@microsoft.com

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13255

Source: secure@microsoft.com

Third Party Advisory

http://marc.info/?l=bugtraq&m=122479227205998&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListRelease NotesThird Party Advisory

http://www.securityfocus.com/bid/31616

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1021047

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA08-288A.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2008/2809

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/45562

Source: af854a3a-2127-422b-91ae-364da2661108

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/45565

Source: af854a3a-2127-422b-91ae-364da2661108

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13255

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.