CVE-2007-3576 - Vulnerability Details - OpenCVE

Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.17398.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Internet Explorer

Configuration 1 [-]

cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0
http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/
http://osvdb.org/45813
http://sla.ckers.org/forum/read.php?2%2C13209%2C13218
http://www.0x000000.com/?i=375

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-05T20:00:00

Updated: 2024-08-07T14:21:36.414Z

Reserved: 2007-07-05T00:00:00

Link: CVE-2007-3576

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-07-05T20:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-3576

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-02T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the \"script\" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating \"this only works when typed in the address bar."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2008-11-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0"}, {"name": "45813", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/45813"}, {"tags": ["x_refsource_MISC"], "url": "http://sla.ckers.org/forum/read.php?2%2C13209%2C13218"}, {"tags": ["x_refsource_MISC"], "url": "http://www.0x000000.com/?i=375"}, {"tags": ["x_refsource_MISC"], "url": "http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3576", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the \"script\" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating \"this only works when typed in the address bar.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0", "refsource": "MISC", "url": "http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0"}, {"name": "45813", "refsource": "OSVDB", "url": "http://osvdb.org/45813"}, {"name": "http://sla.ckers.org/forum/read.php?2,13209,13218", "refsource": "MISC", "url": "http://sla.ckers.org/forum/read.php?2,13209,13218"}, {"name": "http://www.0x000000.com/?i=375", "refsource": "MISC", "url": "http://www.0x000000.com/?i=375"}, {"name": "http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/", "refsource": "MISC", "url": "http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:21:36.414Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0"}, {"name": "45813", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/45813"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://sla.ckers.org/forum/read.php?2%2C13209%2C13218"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.0x000000.com/?i=375"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3576", "datePublished": "2007-07-05T20:00:00", "dateReserved": "2007-07-05T00:00:00", "dateUpdated": "2024-08-07T14:21:36.414Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the \"script\" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating \"this only works when typed in the address bar."}, {"lang": "es", "value": "** IMPUGNADA ** Microsoft Internet Explorer 6 ejecuta secuencias de comandos (scripts) web desde URIs de nombres de esquema arbitrarios terminados con la secuencia de caracteres \"script\", usando (1)el manejador vbscript: para nombres de esquema desde 7 hasta 9 caracteres, y (2) el manejador javascript: para nombres de esquema con 10 o m\u00e1s caracteres, lo cual podr\u00eda permitir a atacantes remotos evitar determinados esquemas de protecci\u00f3n XSS. NOTA: otros investigadores no le conceden importancia a este problema, afirmando que \"esto s\u00f3lo funciona cuando se escribe en la barra de direcciones\"."}], "id": "CVE-2007-3576", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-07-05T20:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/45813"}, {"source": "cve@mitre.org", "url": "http://sla.ckers.org/forum/read.php?2%2C13209%2C13218"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.0x000000.com/?i=375"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/45813"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sla.ckers.org/forum/read.php?2%2C13209%2C13218"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.0x000000.com/?i=375"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}