Explorer XP Multiple Input Validation Vulnerabilities
BID:17303
Info
Explorer XP Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 17303 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2006 12:00AM |
| Updated: | Mar 29 2006 08:38PM |
| Credit: | Amine ABOUD aka Silitix <[email protected]> discovered these issues. |
| Vulnerable: |
Fabien Gauharou Explorer XP 0 |
| Not Vulnerable: | |
Discussion
Explorer XP Multiple Input Validation Vulnerabilities
Explorer XP is prone to cross-site scripting and information-disclosure vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage the cross-site scripting issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
An attacker may leverage the information-disclosure issue to gain access to the contents of arbitrary files with the privileges of the hosting webserver. This may aid the attacker in further attacks.
Explorer XP is prone to cross-site scripting and information-disclosure vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage the cross-site scripting issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
An attacker may leverage the information-disclosure issue to gain access to the contents of arbitrary files with the privileges of the hosting webserver. This may aid the attacker in further attacks.
Exploit / POC
Explorer XP Multiple Input Validation Vulnerabilities
These issues can be exploited with a web browser.
These issues can be exploited with a web browser.
Solution / Fix
Explorer XP Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Explorer XP Multiple Input Validation Vulnerabilities
References:
References:
- Explorer XP Home Page (Fabien Gauharou)