VYPR
Unrated severityNVD Advisory· Published Jun 30, 2008· Updated Jun 16, 2026

CVE-2008-2947

CVE-2008-2947

Description

Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
    • (no CPE)range: 5.01 SP4, 6, and 7

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.