Microsoft Internet Explorer 'location' & 'location.href' Cross Domain Security Bypass Vulnerability
BID:29960
Info
Microsoft Internet Explorer 'location' & 'location.href' Cross Domain Security Bypass Vulnerability
| Bugtraq ID: | 29960 |
| Class: | Origin Validation Error |
| CVE: |
CVE-2008-2947 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 26 2008 12:00AM |
| Updated: | Oct 24 2008 02:16PM |
| Credit: | rayh4c |
| Vulnerable: |
Nortel Networks Self-Service Speech Server 0 Nortel Networks Self-Service Peri Workstation 0 Nortel Networks Self-Service Peri Application 0 Nortel Networks Peri Workstation 0 Nortel Networks Peri Application 0 Nortel Networks Media Processing Svr 500 Rel 3.0 Nortel Networks Media Processing Svr 1000 Rel 3.0 Nortel Networks Media Processing Svr 100 0 Nortel Networks Contact Center Manager Server 0 Nortel Networks Contact Center Manager Nortel Networks Contact Center Express Nortel Networks CallPilot 703t Nortel Networks CallPilot 702t Nortel Networks CallPilot 201i Nortel Networks CallPilot 200i Nortel Networks CallPilot 1002rp Microsoft Internet Explorer 5.0.1 SP4 Microsoft Internet Explorer 5.0.1 SP3 Microsoft Internet Explorer 5.0.1 SP2 Microsoft Internet Explorer 5.0.1 SP1 Microsoft Internet Explorer 5.0.1 for Windows 2000 Microsoft Internet Explorer 5.0.1 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 HP Storage Management Appliance 2.1 |
| Not Vulnerable: | |
Discussion
Microsoft Internet Explorer 'location' & 'location.href' Cross Domain Security Bypass Vulnerability
Microsoft Internet Explorer is prone to a cross-domain scripting security-bypass vulnerability because the application fails to properly enforce the same-origin policy.
An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
NOTE: Attackers exploiting this issue on Internet Explorer 5.01 SP4 and Internet Explorer 6 SP1 running on Microsoft Windows 2000 SP4 may leverage the issue to execute remote code. Other vulnerable versions of the browser are prone only to information disclosure.
Microsoft Internet Explorer is prone to a cross-domain scripting security-bypass vulnerability because the application fails to properly enforce the same-origin policy.
An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
NOTE: Attackers exploiting this issue on Internet Explorer 5.01 SP4 and Internet Explorer 6 SP1 running on Microsoft Windows 2000 SP4 may leverage the issue to execute remote code. Other vulnerable versions of the browser are prone only to information disclosure.
Exploit / POC
Microsoft Internet Explorer 'location' & 'location.href' Cross Domain Security Bypass Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.
To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.
Solution / Fix
Microsoft Internet Explorer 'location' & 'location.href' Cross Domain Security Bypass Vulnerability
Solution:
Microsoft released an advisory along with fixes to address this issue. Please see the references for more information.
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 7.0
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 5.0.1 for Windows 2000
Solution:
Microsoft released an advisory along with fixes to address this issue. Please see the references for more information.
Microsoft Internet Explorer 6.0 SP1
-
Microsoft Cumulative Security Update for Internet Explorer 6 SP1 (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=02390258-08E9 -4B75-960D-BE081B749558&displaylang=en -
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=AE8D22D5-20AA -471D-A423-F54C9D75FEBE&displaylang=en -
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=07FC88C4-2571 -4A4D-B573-AE576798AB4C&displaylang=en -
Microsoft Cumulative Security Update for Internet Explorer for Windows XP (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=A7F0F47B-B1EE -4516-9FBF-BF8E579963D0&displaylang=en -
Microsoft Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=234C05FB-988B -4E02-AAB6-BB23E447DF3D&displaylang=en
Microsoft Internet Explorer 7.0
-
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=FEAF2ADF-7892 -4DBF-A147-DB4D5DBE52F3&displaylang=en -
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=319DBA34-07CA -47F9-A1E9-20DF2DF7966B&displaylang=en -
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=4E73DE2B-05E6 -4901-9BAC-46D8F469E635&displaylang=en -
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=EC73F416-2204 -42D6-8932-C96578AC819F&displaylang=en -
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=BAACD1C2-9764 -4FEA-BD4D-C49791974FEF&displaylang=en -
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=4756E04B-6E1C -4D78-A3C0-17F6B4B97975&displaylang=en -
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=BD19C72B-4F83 -47AB-93BE-D2C286E732C4&displaylang=en
Microsoft Internet Explorer 6.0
-
Microsoft Cumulative Security Update for Internet Explorer 6 SP1 (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=02390258-08E9 -4B75-960D-BE081B749558&displaylang=en -
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=AE8D22D5-20AA -471D-A423-F54C9D75FEBE&displaylang=en -
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=07FC88C4-2571 -4A4D-B573-AE576798AB4C&displaylang=en -
Microsoft Cumulative Security Update for Internet Explorer for Windows XP (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=A7F0F47B-B1EE -4516-9FBF-BF8E579963D0&displaylang=en -
Microsoft Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=234C05FB-988B -4E02-AAB6-BB23E447DF3D&displaylang=en
Microsoft Internet Explorer 5.0.1 SP1
-
Microsoft Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=257C0478-56DD -42EB-A90E-607D01613DB7&displaylang=en
Microsoft Internet Explorer 5.0.1 SP4
-
Microsoft Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=257C0478-56DD -42EB-A90E-607D01613DB7&displaylang=en
Microsoft Internet Explorer 5.0.1 SP2
-
Microsoft Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=257C0478-56DD -42EB-A90E-607D01613DB7&displaylang=en
Microsoft Internet Explorer 5.0.1 SP3
-
Microsoft Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=257C0478-56DD -42EB-A90E-607D01613DB7&displaylang=en
Microsoft Internet Explorer 5.0.1
-
Microsoft Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=257C0478-56DD -42EB-A90E-607D01613DB7&displaylang=en
Microsoft Internet Explorer 5.0.1 for Windows 2000
-
Microsoft Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB956390)
http://www.microsoft.com/downloads/details.aspx?familyid=257C0478-56DD -42EB-A90E-607D01613DB7&displaylang=en
References
Microsoft Internet Explorer 'location' & 'location.href' Cross Domain Security Bypass Vulnerability
References:
References:
- CERT® Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests (US-CERT)
- Internet Explorer Homepage (Microsoft)
- Issue 0x02, Phile #0x04 of 0x0A (Ph4nt0m Security Team)
- Vulnerability Note VU#923508 (US-CERT)
- Zero-day flaw haunts Internet Explorer (ZDNet)
- Microsoft Security Bulletin MS08-058 (Microsoft )
- Nortel Response to Microsoft Security Bulletin MS08-058 (Nortel Networks)