Replicas por favor a microsoft.public.es.windowsxp.seguridad
Existe una prueba de concepto en el mismo link de la noticia.
Microsoft IE Windows XP SP2 File Download Security Can Be Bypassed
With Dynamic IFRAME Tag
http://www.securitytracker.com/aler...12891.html
SecurityTracker Alert ID: 1012891
SecurityTracker URL:
http://securitytracker.com/id?1012891
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Jan 13 2005
Impact: Modification of user information
Exploit Included: Yes
Version(s): 6.0.2900.2180.xpsp_sp2_rtm.040803-2158
Description: Rafel Ivgi (The-Insider) reported a vulnerability in
Microsoft Internet Explorer (IE) on Windows XP SP2. A remote user can
bypass the file download security warning mechanism.
A remote user can create HTML containing a specially crafted BODY tag
with an onclick event that invokes the createElement method to
dynamically create an IFRAME window with an executable file source.
When the HTML is loaded and the target user clicks anywhere within the
body, the referenced executable file source will be downloaded without
presenting the target user with the XP SP2 file download warning
message.
Impact: A remote user can bypass the Windows XP SP2 file download
security mechanism.
Solution: No solution was available at the time of this entry.
Vendor URL: www.microsoft.com/ (Links to External Site)
Cause: Access control error
Underlying OS: Windows (XP)
Underlying OS Comments: XP SP2
Reported By: "The Insider" <the_insider@mail.com>
Message History: None.
Copyright 2004, SecurityGlobal.net LLC
Galería de imagenes Ubuntu Linux (Español).
http://www.ubuntu-es.org/image
Leer las respuestas