CVE-2010-1852 : Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests

Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue.

Published 2010-05-07 18:24:16

Updated 2021-07-23 15:12:11

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2010-1852

Probability of exploitation activity in the next 30 days: 0.34%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 71 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-1852

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2010-1852

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-1852

http://www.cnet.com/8301-31361_1-20004265-254.html

How a browser extension leaks Google history to Amazon - CNET

CVEs referencing this url

Products affected by CVE-2010-1852

Microsoft » Internet Explorer
cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-1852

Exploit prediction scoring system (EPSS) score for CVE-2010-1852

CVSS scores for CVE-2010-1852

CWE ids for CVE-2010-1852

References for CVE-2010-1852

Products affected by CVE-2010-1852