Microsoft Internet Explorer Frame Location Cross Domain Security Bypass Vulnerability
BID:29986
Info
Microsoft Internet Explorer Frame Location Cross Domain Security Bypass Vulnerability
Bugtraq ID:
29986
Class:
Origin Validation Error
CVE:
Remote:
Yes
Local:
No
Published:
Jun 27 2008 12:00AM
Updated:
Jun 27 2008 11:10PM
Credit:
Eduardo Vela, also known as sirdarckcat
Vulnerable:
Microsoft Internet Explorer 7.0.5730 .11
Microsoft Internet Explorer 8 Beta 1
Microsoft Internet Explorer 7.0 beta3
Microsoft Internet Explorer 7.0 beta2
Microsoft Internet Explorer 7.0 beta1
Microsoft Internet Explorer 7.0
+
Microsoft Windows Server 2003 Sp2 X64
+
Microsoft Windows Server 2003 Sp2 X64
+
Microsoft Windows Server 2003 SP2
+
Microsoft Windows Server 2003 SP2
+
Microsoft Windows Server 2003 SP2
+
Microsoft Windows Server 2003 Sp1 X64
+
Microsoft Windows Server 2003 Sp1 X64
+
Microsoft Windows Server 2003 SP1
+
Microsoft Windows Server 2003 SP1
+
Microsoft Windows Server 2003 Itanium SP2
+
Microsoft Windows Server 2003 Itanium SP2
+
Microsoft Windows Server 2003 Itanium SP2
+
Microsoft Windows Server 2003 Itanium SP1
+
Microsoft Windows Server 2003 Itanium SP1
+
Microsoft Windows Server 2003 Itanium 0
+
Microsoft Windows Server 2003 Itanium 0
+
Microsoft Windows Server 2003 x64 SP2
+
Microsoft Windows Server 2003 x64 SP2
+
Microsoft Windows Server 2003 x64 SP2
+
Microsoft Windows Server 2008 for 32-bit Systems SP2
+
Microsoft Windows Server 2008 for 32-bit Systems SP2
+
Microsoft Windows Server 2008 for 32-bit Systems SP2
+
Microsoft Windows Server 2008 for 32-bit Systems 0
+
Microsoft Windows Server 2008 for 32-bit Systems 0
+
Microsoft Windows Server 2008 for 32-bit Systems 0
+
Microsoft Windows Server 2008 for Itanium-based Systems SP2
+
Microsoft Windows Server 2008 for Itanium-based Systems SP2
+
Microsoft Windows Server 2008 for Itanium-based Systems SP2
+
Microsoft Windows Server 2008 for Itanium-based Systems 0
+
Microsoft Windows Server 2008 for Itanium-based Systems 0
+
Microsoft Windows Server 2008 for Itanium-based Systems 0
+
Microsoft Windows Server 2008 for x64-based Systems SP2
+
Microsoft Windows Server 2008 for x64-based Systems SP2
+
Microsoft Windows Server 2008 for x64-based Systems SP2
+
Microsoft Windows Server 2008 for x64-based Systems R2
+
Microsoft Windows Server 2008 for x64-based Systems R2
+
Microsoft Windows Server 2008 for x64-based Systems 0
+
Microsoft Windows Server 2008 for x64-based Systems 0
+
Microsoft Windows Server 2008 for x64-based Systems 0
+
Microsoft Windows Vista Ultimate
+
Microsoft Windows Vista Ultimate
+
Microsoft Windows Vista Ultimate
+
Microsoft Windows Vista Ultimate
+
Microsoft Windows Vista Ultimate
+
Microsoft Windows Vista Ultimate
+
Microsoft Windows Vista SP2
+
Microsoft Windows Vista SP2
+
Microsoft Windows Vista SP2
+
Microsoft Windows Vista SP1
+
Microsoft Windows Vista SP1
+
Microsoft Windows Vista SP1
+
Microsoft Windows Vista Home Premium
+
Microsoft Windows Vista Home Premium
+
Microsoft Windows Vista Home Premium
+
Microsoft Windows Vista Home Premium
+
Microsoft Windows Vista Home Premium
+
Microsoft Windows Vista Home Premium
+
Microsoft Windows Vista Home Premium
+
Microsoft Windows Vista Home Premium
+
Microsoft Windows Vista Home Basic
+
Microsoft Windows Vista Home Basic
+
Microsoft Windows Vista Home Basic
+
Microsoft Windows Vista Home Basic
+
Microsoft Windows Vista Home Basic
+
Microsoft Windows Vista Home Basic
+
Microsoft Windows Vista Home Basic
+
Microsoft Windows Vista Home Basic
+
Microsoft Windows Vista Enterprise
+
Microsoft Windows Vista Enterprise
+
Microsoft Windows Vista Enterprise
+
Microsoft Windows Vista Enterprise
+
Microsoft Windows Vista Enterprise
+
Microsoft Windows Vista Enterprise
+
Microsoft Windows Vista Enterprise
+
Microsoft Windows Vista Enterprise
+
Microsoft Windows Vista Business
+
Microsoft Windows Vista Business
+
Microsoft Windows Vista Business
+
Microsoft Windows Vista Business
+
Microsoft Windows Vista Business
+
Microsoft Windows Vista Business
+
Microsoft Windows Vista Business
+
Microsoft Windows Vista Business
+
Microsoft Windows Vista 0
+
Microsoft Windows Vista 0
+
Microsoft Windows Vista 0
+
Microsoft Windows Vista 0
+
Microsoft Windows Vista 0
+
Microsoft Windows Vista 0
+
Microsoft Windows Vista 0
+
Microsoft Windows Vista 0
+
Microsoft Windows Vista Enterprise 64-bit edition SP2
+
Microsoft Windows Vista Enterprise 64-bit edition SP2
+
Microsoft Windows Vista Enterprise 64-bit edition SP1
+
Microsoft Windows Vista Enterprise 64-bit edition SP1
+
Microsoft Windows Vista Enterprise 64-bit edition 0
+
Microsoft Windows Vista Enterprise 64-bit edition 0
+
Microsoft Windows Vista Home Basic 64-bit edition Sp1 X64
+
Microsoft Windows Vista Home Basic 64-bit edition Sp1 X64
+
Microsoft Windows Vista Home Basic 64-bit edition SP1
+
Microsoft Windows Vista Home Basic 64-bit edition SP1
+
Microsoft Windows Vista Home Basic 64-bit edition 0
+
Microsoft Windows Vista Home Basic 64-bit edition 0
+
Microsoft Windows Vista Home Premium 64-bit edition SP2
+
Microsoft Windows Vista Home Premium 64-bit edition SP2
+
Microsoft Windows Vista Home Premium 64-bit edition SP1
+
Microsoft Windows Vista Home Premium 64-bit edition SP1
+
Microsoft Windows Vista Home Premium 64-bit edition 0
+
Microsoft Windows Vista Home Premium 64-bit edition 0
+
Microsoft Windows Vista x64 Edition SP2
+
Microsoft Windows Vista x64 Edition SP2
+
Microsoft Windows Vista x64 Edition SP2
+
Microsoft Windows Vista x64 Edition SP1
+
Microsoft Windows Vista x64 Edition SP1
+
Microsoft Windows Vista x64 Edition SP1
+
Microsoft Windows Vista x64 Edition 0
+
Microsoft Windows Vista x64 Edition 0
+
Microsoft Windows Vista x64 Edition 0
+
Microsoft Windows Vista x64 Edition Service Pack 2 0
+
Microsoft Windows XP 0
+
Microsoft Windows XP 0
+
Microsoft Windows XP Embedded SP3
+
Microsoft Windows XP Embedded SP3
+
Microsoft Windows XP Embedded SP3
+
Microsoft Windows XP Home SP3
+
Microsoft Windows XP Home SP3
+
Microsoft Windows XP Home SP3
+
Microsoft Windows XP Home SP2
+
Microsoft Windows XP Home SP2
+
Microsoft Windows XP Home SP1
+
Microsoft Windows XP Home SP1
+
Microsoft Windows XP Media Center Edition SP3
+
Microsoft Windows XP Media Center Edition SP3
+
Microsoft Windows XP Media Center Edition SP3
+
Microsoft Windows XP Professional SP3
+
Microsoft Windows XP Professional SP3
+
Microsoft Windows XP Professional SP3
+
Microsoft Windows XP Professional SP2
+
Microsoft Windows XP Professional SP2
+
Microsoft Windows XP Professional SP1
+
Microsoft Windows XP Professional SP1
+
Microsoft Windows XP Professional
+
Microsoft Windows XP Professional
+
Microsoft Windows XP Professional x64 Edition SP3
+
Microsoft Windows XP Professional x64 Edition SP3
+
Microsoft Windows XP Professional x64 Edition SP2
+
Microsoft Windows XP Professional x64 Edition SP2
+
Microsoft Windows XP Professional x64 Edition SP2
+
Microsoft Windows XP Professional x64 Edition
+
Microsoft Windows XP Professional x64 Edition
+
Microsoft Windows XP Service Pack 3 0
+
Microsoft Windows XP Service Pack 3 0
+
Microsoft Windows XP Tablet PC Edition SP3
+
Microsoft Windows XP Tablet PC Edition SP3
+
Microsoft Windows XP Tablet PC Edition SP3
Microsoft Internet Explorer 6.0 SP2 - do not use
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
+
Microsoft Windows Server 2003 Datacenter Edition
+
Microsoft Windows Server 2003 Datacenter Edition
+
Microsoft Windows Server 2003 Datacenter Edition
+
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+
Microsoft Windows Server 2003 Enterprise Edition
+
Microsoft Windows Server 2003 Enterprise Edition
+
Microsoft Windows Server 2003 Enterprise Edition
+
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+
Microsoft Windows Server 2003 Standard Edition
+
Microsoft Windows Server 2003 Standard Edition
+
Microsoft Windows Server 2003 Standard Edition
+
Microsoft Windows Server 2003 Web Edition
+
Microsoft Windows Server 2003 Web Edition
+
Microsoft Windows Server 2003 Web Edition
+
Microsoft Windows XP Home
+
Microsoft Windows XP Home
+
Microsoft Windows XP Home
+
Microsoft Windows XP Professional
+
Microsoft Windows XP Professional
+
Microsoft Windows XP Professional
Not Vulnerable:
Discussion
Microsoft Internet Explorer Frame Location Cross Domain Security Bypass Vulnerability
Microsoft Internet Explorer is prone to a cross-domain scripting security-bypass vulnerability because the application fails to properly enforce the same-origin policy.
An attacker can exploit this issue to change the location of a frame from a different domain. This allows the attacker to execute arbitrary code in a frame of the same window as content from a different domain. Successful exploits will allow the attacker to access information from the parent document via DOM components that are not domain-reliant (such as the 'onmousedown' event).
Internet Explorer 6, 7, and 8 Beta 1 are vulnerable; other versions may also be affected.
Exploit / POC
Microsoft Internet Explorer Frame Location Cross Domain Security Bypass Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.
Microsoft Internet Explorer Frame Location Cross Domain Security Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Microsoft Internet Explorer Frame Location Cross Domain Security Bypass Vulnerability