CVE

Id
26933  
CVE No.
CVE-2007-3576  
Status
Candidate  
Description
** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar."  
Phase
Assigned (20070705)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
274935 26933 CVE-2007-3576 MISC:http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0  View
274936 26933 CVE-2007-3576 MISC:http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/  View
274937 26933 CVE-2007-3576 MISC:http://sla.ckers.org/forum/read.php?2,13209,13218  View
274938 26933 CVE-2007-3576 MISC:http://www.0x000000.com/?i=375  View
274939 26933 CVE-2007-3576 OSVDB:45813  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
57119 JVNDB-2007-005811 PHPIDS における任意の Web スクリプトを挿入される脆弱性 PHPIDS は、(1) 演算表記および (2) クローズしていないコメントを適切に処理しないため、任意の Web スクリプトを挿入される脆弱性が存在します。 CVE-2007-3578 26933 4.3 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005811.html  View