Cross-Domain Security Flaw in Internet Explorer 6.0 by Microsoft
CVE-2005-4827

Currently unrated

Key Information:

Vendor: Microsoft
Status: Ie; Network Camera Server Vb101; Internet Explorer
Vendor: CVE Published:; 31 December 2005

Summary

A vulnerability exists in Internet Explorer that allows remote attackers to bypass the same origin security policy. By manipulating the XMLHttpRequest object, attackers can send requests outside the designated domain using special characters such as tabs and newline characters in the method name. This exploit can be harnessed for referer spoofing and HTTP Request Smuggling attacks, posing a significant threat to user data and privacy.

References

http://seclists.org/fulldisclosure/2007/Feb/0081.html

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/archive/1/459172/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/14969

vdb-entryx_refsource_BID

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Feb 7, 2007
Vulnerability published
Dec 31, 2005