Source Element Cross-Domain flaw in Internet Explorer 6

IE does not properly identify the originating domain zone

Robert Vamosi Former Editor

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

See full bio

Robert Vamosi

Jan. 23, 2007 12:46 p.m. PT

A flaw in Microsoft Internet Explorer 5.01 and 6 means the Internet browser does not properly identify the originating domain zone. This can be a problem when handling redirects, which in turn allows remote attackers to read cross-domain Web pages. It might also allow attackers to execute code via a specially crafted web page.

Additional Resources:

US-CERT Technical Alert: TA06-220A
US-CERT Vulnerability Note: VU#252764
Microsoft Patch: MS06-042
FRSIRT: ADV-2006-3212
SECUNIA: 21396

Mobile Guides

Phones

Foldable Phones

Headphones

Mobile Accessories

Smartwatches

Wireless Plans