Internet Explorer 6 & 7 Vulnerabilities

Internet Explorer 7 Frame Location Handling Vulnerability

sirdarckcat has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct spoofing attacks.

The problem is that a website can modify the location of a frame in another window by setting the location to an object instead of a string. This can be exploited to load malicious content into a frame of a trusted website.

The vulnerability is confirmed in IE7. Other versions may also be affected.

Solution: Do not visit or follow links from untrusted websites.
http://secunia.com/advisories/30851/

Internet Explorer 6 Window “location” Handling Vulnerability

Ph4nt0m Security Team has discovered a vulnerability in Internet Explorer 6, which can be exploited by malicious people to conduct cross-domain scripting attacks.

The vulnerability is caused by an input validation error when handling the “location” or “location.href” property of a window object. A malicious website can exploit this to, for example, open a trusted site and execute arbitrary script code in a user’s browser session in the context of the trusted site.

The vulnerability is confirmed in IE6 on Windows XP SP2. Other versions may also be affected.

Solution: Upgrade to Internet Explorer 7, which is unaffected.
http://secunia.com/advisories/30857/
