CVE-2010-0494

Published: Mar 31, 2010Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."

Affected (28)

Products: Microsoft: Internet Explorer, Windows Server 2008, Windows 2003 Server, Windows 7, Windows Server 2003, Windows Vista, Windows Xp, Windows 2000

8 products

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6

Configuration D

19 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 8.0.6001
Microsoft Internet Explorer	Version 8
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions