Internet Explorer 浏览器解释冲突 访问控制绕过漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1194394 漏洞类型 未知
发布时间 2006-06-26 更新时间 2006-06-26
CVE编号 CVE-2006-3227 CNNVD-ID CNNVD-200606-499
漏洞平台 N/A CVSS评分 2.6
|漏洞来源
https://www.securityfocus.com/bid/81537
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-499
|漏洞详情
InternetExplorer与Mozilla,Opera和Firefox等其他web浏览器之间存在解释冲突。远程攻击者借助可由InternetExplorer剥离以表现可读文字而在使用其他浏览器时无法进行的,包含第8位组的ASCII字符,来修改网页的视觉表现,并可能绕过内容过滤器等保护机制。
|受影响的产品
Microsoft Internet Explorer 6.0.2900
|参考资料

来源:XF
名称:ie-ascii-encoded-web-filter-bypass(27288)
链接:http://xforce.iss.net/xforce/xfdb/27288
来源:BUGTRAQ
名称:20060623Re:BypassingofwebfiltersbyusingASCII
链接:http://www.securityfocus.com/archive/1/archive/1/438163/100/0/threaded
来源:BUGTRAQ
名称:20060623RE:BypassingofwebfiltersbyusingASCII
链接:http://www.securityfocus.com/archive/1/archive/1/438154/100/0/threaded
来源:BUGTRAQ
名称:20060622Re:BypassingofwebfiltersbyusingASCII
链接:http://www.securityfocus.com/archive/1/archive/1/438066/100/0/threaded
来源:BUGTRAQ
名称:20060621Re:BypassingofwebfiltersbyusingASCII
链接:http://www.securityfocus.com/archive/1/archive/1/438049/100/0/threaded
来源:BUGTRAQ
名称:20060621BypassingofwebfiltersbyusingASCII
链接:http://www.securityfocus.com/archive/1/archive/1/437948/100/0/threaded
来源:BUGTRAQ
名称:20060621Re:BypassingofwebfiltersbyusingASCII
链接:http://www.securityfocus.com/archive/1/438051/100/0/threaded
来源:MISC
链接:http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2
来源:BUGTRAQ
名称:20060626RE:BypassingofwebfiltersbyusingAS