CVE-2010-0488
31.03.2010, 19:30
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."Enginsight
| Vendor | Product | Version |
|---|---|---|
| microsoft | windows_2003_server | * |
| microsoft | windows_server_2003 | * |
| microsoft | windows_xp | * |
| microsoft | windows_xp | * |
| microsoft | windows_xp | - |
| microsoft | windows_server_2008 | * |
| microsoft | windows_server_2008 | * |
| microsoft | windows_server_2008 | * |
| microsoft | windows_server_2008 | * |
| microsoft | windows_server_2008 | - |
| microsoft | windows_server_2008 | - |
| microsoft | windows_vista | * |
| microsoft | windows_vista | * |
| microsoft | windows_vista | * |
| microsoft | windows_vista | * |
| microsoft | windows_2003_server | * |
| microsoft | windows_2003_server | * |
| microsoft | windows_server_2003 | * |
| microsoft | windows_xp | * |
| microsoft | windows_xp | * |
| microsoft | windows_xp | - |
| microsoft | internet_explorer | 5.01:sp4 |
| microsoft | windows_2000 | * |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-732 - Incorrect Permission Assignment for Critical ResourceThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
References