Back to search
CVE-2005-4089
Published: Dec 8, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
17564
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:1977
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:1800
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:1838
vdb-entry
signature
x_refsource_OVAL
ADV-2006-2319
vdb-entry
x_refsource_VUPEN
1016291
vdb-entry
x_refsource_SECTRACK
oval:org.mitre.oval:def:1985
vdb-entry
signature
x_refsource_OVAL
http://www.hacker.co.il/security/ie/css_import.html
x_refsource_MISC
oval:org.mitre.oval:def:1556
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:1914
vdb-entry
signature
x_refsource_OVAL
15660
vdb-entry
x_refsource_BID
ADV-2005-2804
vdb-entry
x_refsource_VUPEN
MS06-021
vendor-advisory
x_refsource_MS
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now