Reported June 17, 2003, by GreyMagic Security Research.
VERSIONS AFFECTED
· Microsoft Internet Explorer (IE) 6.0, 5.5, and 5.01
DESCRIPTION
Two new vulnerabilities in Microsoft IE can result in the execution of arbitrary code on the vulnerable system. These two vulnerabilities consist of the following:
· A cross-site scripting vulnerability results from IE not filtering a displayed URL properly and might cause the browser to render HTML passed in the querystring of the URL.
· A script-injection vulnerability results from a flaw in a common function that internal resources use. An attacker can exploit this flaw to execute script commands in the My Computer zone.
For detailed information about these vulnerabilities, see the discoverer’s web site.
DEMONSTRATION
The discoverer posted the following demonstrations as proof of concept:
Cross-Site Scripting in Unparsable XML Files
This sample shows the basic URL for injecting content:
http://host.with.unparsable.xml.file/flaw.xml?<script>alert(document.cookie)</script>
Script Injection to Custom HTTP Errors in Local Zone:
This URL will cause the resource to output a "javascript:" link to the document, which will execute when the user clicks on it:
res://shdoclc.dll/HTTP_501.htm#javascript:%2f*://*%2falert(location.href)/
Copy and paste the above URL in your browser, then click the red link in order to test it.
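Both demonstrations come down to an error page echoing a URL without encoding or validating it. The following added example (not code from GreyMagic or Microsoft) shows the unsafe echo beside an escaped one, and a scheme allowlist for the link built from the fragment. All function names are hypothetical, and the "contains ://" check is an assumed illustration of a weak test, not a description of the actual flawed function.

```javascript
// Added example; all function names here are hypothetical.

// Escape characters that are significant in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Unsafe pattern: the requested URL is echoed into the error page verbatim.
function renderParseErrorUnsafe(url) {
  return "<p>Cannot display XML page: " + url + "</p>";
}

// Hardened: the URL is emitted as text, never as markup.
function renderParseErrorSafe(url) {
  return "<p>Cannot display XML page: " + escapeHtml(url) + "</p>";
}

// Assumed weak check: "contains ://" is taken to mean "is a web URL".
function looksLikeUrlNaive(target) {
  return target.includes("://");
}

// Hardened: parse the value and return a normalized href only for http(s).
// The URL parser also strips leading whitespace and embedded tabs/newlines,
// which a string-prefix test on the scheme would miss.
function safeHref(target) {
  try {
    const u = new URL(target);
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : null;
  } catch (e) {
    return null; // relative or malformed values are never linked
  }
}

// Build the error-page link from the fragment; fall back to inert text.
function renderErrorLink(fragment) {
  let target = fragment.replace(/^#/, "");
  try { target = decodeURIComponent(target); } catch (e) { /* keep raw value */ }
  const href = safeHref(target);
  const text = escapeHtml(target);
  return href === null
    ? "<span>" + text + "</span>"
    : '<a href="' + escapeHtml(href) + '">' + text + "</a>";
}
```

With the fragment from the second demonstration, the naive check passes while `renderErrorLink` emits inert text instead of a clickable link.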
VENDOR RESPONSE
Microsoft was notified on February 20, 2003, but hasn't released a fix for these problems.
CREDIT
Discovered by GreyMagic Security Research.
Multiple Vulnerabilities in Microsoft Internet Explorer - 20 Jun 2003