Friday, June 27, 2008 1:48 PM
cmosby
Internet Explorer 6 Window "location" Handling Vulnerability - Secunia - 6/27/08
Internet Explorer 6 Window "location" Handling Vulnerability
Secunia Advisory:
SA30857
Release Date:
2008-06-26
Last Update:
2008-06-27
Critical:
Moderately critical
Impact:
Security Bypass
Cross Site Scripting
Where:
From remote
Solution Status:
Unpatched
Software:
Microsoft Internet Explorer 6.x
Description:
Ph4nt0m Security Team has discovered a vulnerability in Internet Explorer 6, which can be exploited by malicious people to conduct cross-domain scripting attacks.
The vulnerability is caused due to an input validation error when handling the "location" or "location.href" property of a window object. This can be exploited by a malicious website to e.g. open a trusted site and execute arbitrary script code in a user's browser session in context of the trusted site.
The vulnerability is confirmed in IE6 on Windows XP SP2. Other versions may also be affected.
Solution:
Upgrade to Internet Explorer 7, which is unaffected.
Provided and/or discovered by:
Ph4nt0m Security Team
Changelog:
2008-06-27: Added link to US-CERT.
Original Advisory:
Ph4nt0m Security Team (Chinese):
http://www.ph4nt0m.org-a.googlepages.com/PSTZine_0x02_0x04.txtOther References:
US-CERT VU#923508:
http://www.kb.cert.org/vuls/id/923508
Filed under: Patch Management, Browser Wars, Internet Explorer, Security, Software Vulnerabilites