Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

IE7 - XSS against local resource - CVE-2007-1499

Published: 2007-03-17
Last Updated: 2007-03-18 21:23:01 UTC
by Swa Frantzen (Version: 2)
0 comment(s)
In the past few days a new vulnerability was discussed publicly: a Cross Site Scripting (XSS) vulnerability against a local resource in MSIE 7 on at least Windows XP and Vista.

The vulnerability is in a local page displaying a "Navigation to the webpage was canceled" message with a "Refresh the page" link. An attacker can send a browser following a crafted link to this local resource, making it display a faked address on the address bar and using scripting to make the refresh this page link into go to a page of his/her choice.
Don't confuse the "Refresh this page" link with the refresh button of the browser, this latter will just reload the crafted URL.

This might be useful in a phishing attack, but it does sound rather complex and requires the user to jump through the hoops.

CVE-2007-1499 (NIST's version), Mitre's version should get updated at their next update of the website.

I've also update the "missing Microsoft patches" table, so we'll track it.

--
Swa Frantzen -- NET2S
Keywords:
0 comment(s)
Diary Archives