CVE-2007-1114 - The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window

CVE-2007-1114

Summary

The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*
cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*

CVSS

Base:	4.3 (as of 16-10-2018 - 16:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	22701
bugtraq	20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
misc	http://www.hardened-php.net/advisory_032007.142.html
osvdb	32119
secunia	24314
vupen	ADV-2007-0744

Last major update

16-10-2018 - 16:36

Published

26-02-2007 - 23:28

Last modified

16-10-2018 - 16:36