CVE-2005-4827

Currently unrated

Key Information:

Vendor: Microsoft
Status: Ie; Network Camera Server Vb101; Internet Explorer
Vendor: CVE Published:; 31 December 2005

Summary

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.

References

http://seclists.org/fulldisclosure/2007/Feb/0081.html

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/archive/1/459172/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/14969

vdb-entryx_refsource_BID

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Feb 7, 2007
Vulnerability published
Dec 31, 2005

Collectors

NVD DatabaseMitre Database