CVE-2008-2947

medium Microsoft
CVSS v3 Base Score
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
42.0%
Exploitation probability in 30 days
Top 3% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: June 30, 2008 (6526 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.

CWE

CWE-284

Affected Products

microsoft internet explorer

References

🔗 blogs.zdnet.com 🔗 marc.info 🔗 secunia.com 🔗 www.kb.cert.org 🔗 www.ph4nt0m.org-a.googlepages.com