Executive Summary
Summary | |
---|---|
Title | Microsoft Internet Explorer cross-domain frame race condition |
Informations | |||
---|---|---|---|
Name | VU#471361 | First vendor Publication | 2007-06-05 |
Vendor | VU-CERT | Last vendor Modification | 2007-06-07 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#471361Microsoft Internet Explorer cross-domain frame race conditionOverviewMicrosoft Internet Explorer contains a race condition that results in a cross-domain violation.I. DescriptionInternet Explorer uses a cross-domain security model to maintain separation between browser frames from different sources. This model is designed to prevent code in one domain from accessing data in a different domain. The Internet Security Manager Object determines which zone or domain a URL exists in and what actions can be performed.A race condition in Internet Explorer may allow an attacker to evade the cross-domain security model. Note that Internet Explorer 6 and Internet Explorer 7 are affected by this vulnerability. Do not follow unsolicited links
References
This issue was reported by Michal Zalewski on the Full-Disclosure mailing list. This document was written by Ryan Giobbi.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/471361 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-362 | Race Condition |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6041 | |||
Oval ID: | oval:org.mitre.oval:def:6041 | ||
Title: | Race Condition Cross-Domain Information Disclosure Vulnerability | ||
Description: | Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3091 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-06-15 | Name : Ubuntu USN-785-1 (ipsec-tools) File : nvt/ubuntu_785_1.nasl |
2009-06-10 | Name : Cumulative Security Update for Internet Explorer (969897) File : nvt/secpod_ms09-019.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54944 | Microsoft IE Race Condition Cross-Domain Information Disclosure |
38497 | Microsoft IE Page Transaction Race Condition Arbitrary Code Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer Javascript Page update race condition attempt RuleID : 16010 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer cross-domain navigation cookie stealing attempt RuleID : 15529 - Revision : 9 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-06-10 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms09-019.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-05-08 13:28:04 |
|