1. Home
  2. CVE Database
  3. CVE-2008-3472
HIGH · 9.3

CVE-2008-3472

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, ...

Vulnerability Description

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftInternet Explorer5.01
MicrosoftWindows 2000All versions
MicrosoftWindows Server 2003All versions
MicrosoftWindows XpAll versions
MicrosoftWindows Server 2008All versions
MicrosoftWindows VistaAll versions

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2008-3472?

CVE-2008-3472 is a vulnerability with a CVSS score of 9.3 (HIGH). Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, ...

How severe is CVE-2008-3472?

CVE-2008-3472 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3472?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer, Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Xp, Microsoft Windows Server 2008.