[SEG] Microsoft Internet Explorer Window Injection Vulnerability

08/12/2004 - 19:43 by Windows
(see "solution" :-)


Microsoft Internet Explorer Window Injection Vulnerability
http://secunia.com/advisories/13251/

Secunia Advisory: SA13251
Release Date: 2004-12-08

Critical: Moderately critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched

Software:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6

Description:
Secunia Research has reported a vulnerability in Microsoft Internet
Explorer, which can be exploited by malicious people to spoof the
content of websites.

The problem is that a website can inject content into another site's
window if the target name of the window is known. This can e.g. be
exploited by a malicious website to spoof the content of a pop-up
window opened on a trusted website.

This is related to:
SA11966

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/multiple_browser...lity_test/

The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2.

Solution:
Do not browse untrusted sites while browsing trusted sites.

Provided and/or discovered by:
Secunia Research

Original Advisory:
http://secunia.com/secunia_research.../advisory/

Other References:
SA11966:
http://secunia.com/advisories/11966/

#1 FAQsimil
09/12/2004 - 13:02
"Windows" wrote in message news:
(see "solution" :-)

Solution:
Do not browse untrusted sites while browsing trusted sites.




Another solution :-)
The vulnerability (or at least the Secunia test) goes away if we change
the "Navigate sub-frames across different domains" option in the security
settings of the Internet zone. By default it is set to Enable. It has to
be set to Disable.


Visit the forums at
www.infochaos.com
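
The setting change described in the reply above, as an added example that is not part of the original thread: a PowerShell audit of the Internet zone's sub-frame navigation option in the registry. The zone number (3), the action ID (1607) and the value data (0 Enable, 1 Prompt, 3 Disable) are assumptions taken from Microsoft's documented zone settings, not from this page.

```powershell
# Added example: audit the Internet zone option named in the reply.
# Assumed from Microsoft's zone documentation, not from this page:
#   zone 3 = Internet, action 1607 = navigate sub-frames across domains,
#   data 0 = Enable, 1 = Prompt, 3 = Disable.
param([switch]$Fix)   # -Fix writes Disable to the current user's preference

$zone   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policy = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$action = '1607'
$names  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Per-user and per-machine copies, as preference and as Group Policy.
$paths = "HKLM:\$policy", "HKCU:\$policy", "HKCU:\$zone", "HKLM:\$zone"

$found = foreach ($p in $paths) {
    $item = Get-ItemProperty -Path $p -Name $action -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $v = [int]$item.$action
        [pscustomobject]@{
            Path    = $p
            Data    = $v
            Setting = if ($names.ContainsKey($v)) { $names[$v] } else { 'Unknown' }
            Ok      = ($v -eq 3)
        }
    }
}

if (-not $found) {
    Write-Warning 'Action 1607 is not set in any hive; the built-in default applies.'
} else {
    $found | Format-Table -AutoSize
    $found | Where-Object { -not $_.Ok } | ForEach-Object {
        Write-Warning "$($_.Path): sub-frame navigation is '$($_.Setting)', expected 'Disable'."
    }
}

if ($Fix) {
    $target = "HKCU:\$zone"
    # New-Item -Force would recreate an existing key and drop its values, so test first.
    if (-not (Test-Path $target)) { New-Item -Path $target -Force | Out-Null }
    Set-ItemProperty -Path $target -Name $action -Value 3 -Type DWord
    Write-Output "Set $target\$action to 3 (Disable)."
}
```

A value reported under either Policies path is managed by Group Policy and should be changed there rather than with -Fix.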