Vulnerability Details : CVE-2007-3576
Potential exploit
Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar."
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2007-3576
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-3576
- EPSS score: 17.40% (probability of exploitation activity in the next 30 days)
- Percentile: ~95% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-3576
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
References for CVE-2007-3576
- http://osvdb.org/45813
- http://www.0x000000.com/?i=375 (0x000000.com is coming soon) [Exploit]
- http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0 (About new XSS vectors and some PHP-IDS filters) [Exploit]
- http://sla.ckers.org/forum/read.php?2,13209,13218 [Exploit]
- http://sla.ckers.org/forum/read.php?2%2C13209%2C13218
- http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/ [Exploit]