Vulnerability Details : CVE-2010-0652
Microsoft Internet Explorer permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document.
Vulnerability category: Information leak
Products affected by CVE-2010-0652
- cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0652
0.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0652
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2010-0652
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0652
-
http://code.google.com/p/chromium/issues/detail?id=9877
9877 - Security: cross domain thefts via CSS string property injection - chromium - MonorailExploit
Jump to