Cross-Domain Security Flaw in Internet Explorer 6.0 by Microsoft
CVE-2005-4827

Currently unrated

Key Information:

Vendor: Microsoft
Status: Ie; Network Camera Server Vb101; Internet Explorer
Vendor: CVE Published:; 31 December 2005

What is CVE-2005-4827?

A vulnerability exists in Internet Explorer that allows remote attackers to bypass the same origin security policy. By manipulating the XMLHttpRequest object, attackers can send requests outside the designated domain using special characters such as tabs and newline characters in the method name. This exploit can be harnessed for referer spoofing and HTTP Request Smuggling attacks, posing a significant threat to user data and privacy.

References

http://seclists.org/fulldisclosure/2007/Feb/0081.html

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/archive/1/459172/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/14969

vdb-entryx_refsource_BID

EPSS Score

18% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Feb 7, 2007
Vulnerability published
Dec 31, 2005