漏洞标题
N/A
漏洞描述信息
Internet Explorer与其他浏览器(如Mozilla、 Opera 和 Firefox)之间的解释冲突可能会允许远程攻击者修改网页的视觉呈现,并可能绕过保护机制,如内容过滤器,通过具有8位二进制 Set的ASCII字符,这些字符可能会被 Internet Explorer 删除以显示清晰文本,但使用其他浏览器时则不会。注意:关于这个问题的讨论已经相当充分,截至20060625年,目前尚不清楚这个问题的责任所在,尽管这可能是由于相关标准中的模糊不清导致的。注意:这可能需要特定的编码才能利用。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Internet Explorer 浏览器解释冲突 访问控制绕过漏洞
漏洞描述信息
Internet Explorer与Mozilla, Opera和Firefox等其他web浏览器之间存在解释冲突。远程攻击者借助可由 Internet Explorer剥离以表现可读文字而在使用其他浏览器时无法进行的,包含第8位组的ASCII字符,来修改网页的视觉表现,并可能绕过内容过滤器等保护机制。
CVSS信息
N/A
漏洞类别
其他