Microsoft Internet Explorer JavaScript Cross Domain Information Disclosure Vulnerability
BID:24283
Info
Microsoft Internet Explorer JavaScript Cross Domain Information Disclosure Vulnerability
| Bugtraq ID: | 24283 |
| Class: | Design Error |
| CVE: |
CVE-2007-3091 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 04 2007 12:00AM |
| Updated: | Jun 12 2009 03:39PM |
| Credit: | Michal Zalewski is credited with the discovery of this vulnerability. |
| Vulnerable: |
WebKit Open Source Project WebKit 0 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Avaya Messaging Application Server MM 3.1 Avaya Messaging Application Server MM 3.0 Avaya Messaging Application Server MM 2.0 Avaya Messaging Application Server MM 1.1 Avaya Messaging Application Server 0 |
| Not Vulnerable: | |
Discussion
Microsoft Internet Explorer JavaScript Cross Domain Information Disclosure Vulnerability
The browser is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.
This vulnerability may let a malicious site interact with a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks may be possible, such as executing script code in other browser security zones.
UPDATE: Reports indicate that Safari browser may also be vulnerable, but this has not been confirmed.
UPDATE (June 6, 2007): The WebKit framework used by Safari is reported vulnerable. Builds 522 and later, which are associated with the nightly WebKit build, are vulnerable; other versions may also be affected.
The browser is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.
This vulnerability may let a malicious site interact with a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks may be possible, such as executing script code in other browser security zones.
UPDATE: Reports indicate that Safari browser may also be vulnerable, but this has not been confirmed.
UPDATE (June 6, 2007): The WebKit framework used by Safari is reported vulnerable. Builds 522 and later, which are associated with the nightly WebKit build, are vulnerable; other versions may also be affected.
Exploit / POC
Microsoft Internet Explorer JavaScript Cross Domain Information Disclosure Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.
A proof-of-concept webpage has been created to demonstrate this issue. Please see the references for more information.
To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.
A proof-of-concept webpage has been created to demonstrate this issue. Please see the references for more information.
Solution / Fix
Microsoft Internet Explorer JavaScript Cross Domain Information Disclosure Vulnerability
Solution:
The vendor has released an advisory along with fixes. Please see the references for details.
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 7.0
Microsoft Internet Explorer 6.0
Solution:
The vendor has released an advisory along with fixes. Please see the references for details.
Microsoft Internet Explorer 6.0 SP1
-
Microsoft Cumulative Security Update for Internet Explorer 6 SP1 (KB969897)
http://www.microsoft.com/downloads/details.aspx?FamilyID=fe8b3796-a407 -4f41-89eb-35b4bcc24ff6
Microsoft Internet Explorer 7.0
-
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB969897)
http://www.microsoft.com/downloads/details.aspx?FamilyID=a980b867-c67f -4c61-b6db-e55c2ca68dc0 -
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB969897)
http://www.microsoft.com/downloads/details.aspx?FamilyID=5e7d6372-9c8c -449d-88fd-afd4f92ad9e6 -
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP (KB969897)
http://www.microsoft.com/downloads/details.aspx?FamilyID=827b735c-660b -4723-b688-3297e107153a -
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB969897)
http://www.microsoft.com/downloads/details.aspx?FamilyID=e5d2c81e-ffab -4e3b-a59a-a55000597213 -
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB969897)
http://www.microsoft.com/downloads/details.aspx?FamilyID=a0e3f975-57da -43fa-ac12-3d14fd6ce939 -
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB969897)
http://www.microsoft.com/downloads/details.aspx?FamilyID=758edce7-2a82 -4b2e-bd71-5b7075cc4b17 -
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB969897)
http://www.microsoft.com/downloads/details.aspx?FamilyID=e60215c3-b8b9 -4e45-9d9f-b3fb0b47cce1 -
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB969897)
http://www.microsoft.com/downloads/details.aspx?FamilyID=88185088-8c2c -4bc6-89b2-87f4d4849cf7
Microsoft Internet Explorer 6.0
-
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB969897)
http://www.microsoft.com/downloads/details.aspx?FamilyID=72a23752-86fb -4cc9-ab8e-63ffdfae5bec -
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB969897)
http://www.microsoft.com/downloads/details.aspx?FamilyID=2a03d3c4-e39d -43a3-8d42-216e9551be96 -
Microsoft Cumulative Security Update for Internet Explorer for Windows XP (KB969897)
http://www.microsoft.com/downloads/details.aspx?FamilyID=3d7f63ee-d7c3 -48a5-902e-60625405e97d -
Microsoft Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB969897)
http://www.microsoft.com/downloads/details.aspx?FamilyID=088f70eb-c5c5 -426a-880a-18ed386d0b56
References
Microsoft Internet Explorer JavaScript Cross Domain Information Disclosure Vulnerability
References:
References:
- Microsoft Internet Explorer Home Page (Microsoft )
- Proof-of-concept webpage (Michal Zalewski)
- Assorted browser vulnerabilities (Michal Zalewski)
- MS07-034: Executing arbitrary script with mhtml: protocol handler (HASEGAWA Yosuke)
- ASA-2009-221 MS09-019 Cumulative Security Update for Internet Explorer (969897) (Avaya)
- Microsoft Security Bulletin MS09-019 (Microsoft)
- Vulnerability Note VU#471361 Microsoft Internet Explorer cross-domain vulnerabil (US-CERT)