vendor:
Internet Explorer
by:
Unknown (source: https://www.securityfocus.com/bid/10689/info)
7.5
CVSS
HIGH
Cross-domain/Cross-zone Scripting
Unknown
CWE
Product Name: Internet Explorer
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:microsoft:internet_explorer
Platforms Tested:
Unknown
Cross-domain/Cross-zone Scripting in Microsoft Internet Explorer
A vulnerability exists in Microsoft Internet Explorer that may allow cross-domain/cross-zone scripting. It is reported that the vulnerability presents itself due to a failure to properly validate trust relationships between method calls that are made in separate Internet Explorer windows. This may make it possible for script code to access properties of a foreign domain or Security Zone. Exploitation may permit execution of arbitrary code as the victim user.
Mitigation:
No specific mitigation or remediation mentioned in the provided text.