Saturday, June 28, 2008

Internet Explorer 6 Window "location" Handling Vulnerability

Typical cross-site scripting (XSS) vulnerability found in IE6.



The vulnerability is caused due to an input validation error when handling the "location" or "location.href" property of a window object. This can be exploited by a malicious website to e.g. open a trusted site and execute arbitrary script code in a user"s browser session in context of the trusted site.



POC:

http://raffon.net/research/ms/ie/crossdomain/string.html



Recommendation:


  • To company: Upgrade to IE7.

  • To user: Switch to Firefox.




References:


  • http://www.f-secure.com/vulnerabilities/SA30857

  • http://www.f-secure.com/weblog/archives/00001463.html