Skip to content
Medium Published: Jun 30, 2008 Modified: Apr 09, 2025

CVE-2008-2947

6.8 CVSS Score Medium
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Export CVE-2008-2947 Data:
Share:
Link copied!

Description

Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.

CVSS Vector Details

Attack Vector Network
Attack Complexity M
Confidentiality P
Integrity P
Availability P

Affected Software Configurations

  • a microsoft internet_explorer 5.01 sp4 * * * * * *
  • a microsoft internet_explorer 6 * * * * * * *
  • a microsoft internet_explorer 7 * * * * * * *

Weaknesses (CWE)

  • CWE-284

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

Related Vulnerabilities

CVE-2001-0781 CVSS 0 Same weakness: CWE-284 CVE-2009-2092 CVSS 0 Same weakness: CWE-284 CVE-2011-4016 CVSS 0 Same weakness: CWE-284 CVE-2012-1327 CVSS 0 Same weakness: CWE-284 CVE-2012-2947 CVSS 0 Same weakness: CWE-284

CVE History Timeline

Jul 01, 2008 15:18 Initial Analysis
Nov 08, 2016 14:45 Initial Analysis
Nov 08, 2016 16:57 Modified Analysis
Aug 08, 2017 01:31 CVE Modified
Sep 29, 2017 01:31 CVE Modified
Oct 12, 2018 21:47 CVE Modified
May 14, 2024 01:54 CVE Modified
Nov 21, 2024 00:48 CVE Modified
← Back to CVE Tracker