CSS Cross-Domain Information Disclosure Vulnerability (S03,SP1)ID: oval:org.mitre.oval:def:1556 | Date: (C)2006-06-14 (M)2021-09-11 |
Class: VULNERABILITY | Family: windows |
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
Platform: |
Microsoft Windows Server 2003 |
Product: |
Microsoft Internet Explorer |