CVE-2008-2947
Detail
Deferred This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.
Description
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.
Metrics
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 2.0 Severity and Vector Strings:
Vector:
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected]
URL
Source(s)
Tag(s)
http://blogs.zdnet.com/security/?p=1348
CVE, MITRE
Press/Media Coverage
http://marc.info/?l=bugtraq&m=122479227205998&w=2
CVE, MITRE
Mailing List
http://secunia.com/advisories/30857
CVE, MITRE
Permissions Required
Vendor Advisory
http://www.kb.cert.org/vuls/id/923508
CVE, MITRE
Third Party Advisory
US Government Resource
http://www.ph4nt0m.org-a.googlepages.com/PSTZine_0x02_0x04.txt
CVE, MITRE
Exploit
http://www.securityfocus.com/bid/29960
CVE, MITRE
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020382
CVE, MITRE
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
CVE, MITRE
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2008/1940/references
CVE, MITRE
Broken Link
http://www.vupen.com/english/advisories/2008/2809
CVE, MITRE
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058
CVE, MITRE
https://exchange.xforce.ibmcloud.com/vulnerabilities/43366
CVE, MITRE
https://exchange.xforce.ibmcloud.com/vulnerabilities/45565
CVE, MITRE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5901
CVE, MITRE
Weakness Enumeration
CWE-ID
CWE Name
Source
CWE-284
Improper Access Control
NIST
Change History
8 change records found show changes
CVE Modified by CVE 11/20/2024 7:48:04 PM
Action
Type
Old Value
New Value
Added
Reference
http://blogs.zdnet.com/security/?p=1348
Added
Reference
http://marc.info/?l=bugtraq&m=122479227205998&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=122479227205998&w=2
Added
Reference
http://secunia.com/advisories/30857
Added
Reference
http://www.kb.cert.org/vuls/id/923508
Added
Reference
http://www.ph4nt0m.org-a.googlepages.com/PSTZine_0x02_0x04.txt
Added
Reference
http://www.securityfocus.com/bid/29960
Added
Reference
http://www.securitytracker.com/id?1020382
Added
Reference
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
Added
Reference
http://www.vupen.com/english/advisories/2008/1940/references
Added
Reference
http://www.vupen.com/english/advisories/2008/2809
Added
Reference
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058
Added
Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/43366
Added
Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/45565
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5901
CVE Modified by MITRE 5/13/2024 9:54:19 PM
Action
Type
Old Value
New Value
CVE Modified by MITRE 10/12/2018 5:47:37 PM
Action
Type
Old Value
New Value
Added
Reference
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058 [No Types Assigned]
Removed
Reference
http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx [Mitigation, Patch, Vendor Advisory]
CVE Modified by MITRE 9/28/2017 9:31:26 PM
Action
Type
Old Value
New Value
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5901 [No Types Assigned]
Removed
Reference
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5901 [Not Applicable]
CVE Modified by MITRE 8/07/2017 9:31:28 PM
Action
Type
Old Value
New Value
Added
Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/43366 [No Types Assigned]
Added
Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/45565 [No Types Assigned]
Removed
Reference
http://xforce.iss.net/xforce/xfdb/43366 [Third Party Advisory, VDB Entry]
Removed
Reference
http://xforce.iss.net/xforce/xfdb/45565 [Third Party Advisory, VDB Entry]
Modified Analysis by NIST 11/08/2016 11:57:42 AM
Action
Type
Old Value
New Value
Added
CWE
CWE-284
Changed
CPE Configuration
Record truncated, showing 2048 of 2784 characters. View Entire Change Record Configuration 1
AND
OR
cpe:2.3:o:microsoft:windows-nt:xp:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows-nt:xp:*:pro:*:*:*:*:*
cpe:2.3:o:microsoft:windows-nt:xp:sp2:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows-nt:xp:sp3:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows-nt:xp:sp3:pro:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:pro:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:pro:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:pro:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:pro:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:datacenter:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:enterprise:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:std:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:wed:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:datacenter:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:enterprise:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:s
Configuration 1
OR
*cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
*cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
*cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
Changed
Reference Type
http://blogs.zdnet.com/security/?p=1348 No Types Assigned
http://blogs.zdnet.com/security/?p=1348 Press/Media Coverage
Changed
Reference Type
http://marc.info/?l=bugtraq&m=122479227205998&w=2 No Types Assigned
http://marc.info/?l=bugtraq&m=122479227205998&w=2 Mailing List
Changed
Reference Type
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5901 No Types Assigned
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5901 Not Applicable
Changed
Reference Type
http://secunia.com/advisories/30857 Vendor Advisory
http://secunia.com/advisories/30857 Permissions Required, Vendor Advisory
Changed
Reference Type
http://www.kb.cert.org/vuls/id/923508 US Government Resource
http://www.kb.cert.org/vuls/id/923508 Third Party Advisory, US Government Resource
Changed
Reference Type
http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx No Types Assigned
http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx Mitigation, Vendor Advisory, Patch
Changed
Reference Type
http://www.securityfocus.com/bid/29960 No Types Assigned
http://www.securityfocus.com/bid/29960 Third Party Advisory, VDB Entry
Changed
Reference Type
http://www.securitytracker.com/id?1020382 No Types Assigned
http://www.securitytracker.com/id?1020382 Third Party Advisory, VDB Entry
Changed
Reference Type
http://www.us-cert.gov/cas/techalerts/TA08-288A.html US Government Resource
http://www.us-cert.gov/cas/techalerts/TA08-288A.html Third Party Advisory, US Government Resource
Changed
Reference Type
http://www.vupen.com/english/advisories/2008/1940/references No Types Assigned
http://www.vupen.com/english/advisories/2008/1940/references Broken Link
Changed
Reference Type
http://www.vupen.com/english/advisories/2008/2809 No Types Assigned
http://www.vupen.com/english/advisories/2008/2809 Broken Link
Changed
Reference Type
http://xforce.iss.net/xforce/xfdb/43366 No Types Assigned
http://xforce.iss.net/xforce/xfdb/43366 Third Party Advisory, VDB Entry
Changed
Reference Type
http://xforce.iss.net/xforce/xfdb/45565 No Types Assigned
http://xforce.iss.net/xforce/xfdb/45565 Third Party Advisory, VDB Entry
Initial CVE Analysis 11/08/2016 9:45:03 AM
Action
Type
Old Value
New Value
Added
CWE
CWE-284
Changed
CPE Configuration
Record truncated, showing 2048 of 2784 characters. View Entire Change Record Configuration 1
AND
OR
cpe:2.3:o:microsoft:windows-nt:xp:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows-nt:xp:*:pro:*:*:*:*:*
cpe:2.3:o:microsoft:windows-nt:xp:sp2:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows-nt:xp:sp3:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows-nt:xp:sp3:pro:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:pro:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:pro:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:pro:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:pro:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:datacenter:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:enterprise:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:std:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:wed:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:datacenter:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:enterprise:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:s
Configuration 1
OR
*cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
*cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
*cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
Changed
Reference Type
http://blogs.zdnet.com/security/?p=1348 No Types Assigned
http://blogs.zdnet.com/security/?p=1348 Press/Media Coverage
Changed
Reference Type
http://marc.info/?l=bugtraq&m=122479227205998&w=2 No Types Assigned
http://marc.info/?l=bugtraq&m=122479227205998&w=2 Mailing List
Changed
Reference Type
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5901 No Types Assigned
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5901 Broken Link
Changed
Reference Type
http://secunia.com/advisories/30857 Vendor Advisory
http://secunia.com/advisories/30857 Permissions Required, Vendor Advisory
Changed
Reference Type
http://www.securityfocus.com/bid/29960 No Types Assigned
http://www.securityfocus.com/bid/29960 Third Party Advisory, VDB Entry
Changed
Reference Type
http://www.securitytracker.com/id?1020382 No Types Assigned
http://www.securitytracker.com/id?1020382 Third Party Advisory, VDB Entry
Changed
Reference Type
http://www.vupen.com/english/advisories/2008/1940/references No Types Assigned
http://www.vupen.com/english/advisories/2008/1940/references Broken Link
Changed
Reference Type
http://www.vupen.com/english/advisories/2008/2809 No Types Assigned
http://www.vupen.com/english/advisories/2008/2809 Broken Link
Changed
Reference Type
http://xforce.iss.net/xforce/xfdb/43366 No Types Assigned
http://xforce.iss.net/xforce/xfdb/43366 Third Party Advisory, VDB Entry
Changed
Reference Type
http://xforce.iss.net/xforce/xfdb/45565 No Types Assigned
http://xforce.iss.net/xforce/xfdb/45565 Third Party Advisory, VDB Entry
Initial CVE Analysis 7/01/2008 11:18:00 AM
Action
Type
Old Value
New Value
Quick Info
CVE Dictionary Entry: CVE-2008-2947 NVD
Published Date: 06/30/2008 NVD
Last Modified: 04/08/2025
Source: MITRE
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
