Secunia Advisory: SA30857
Release Date: 2008-06-26
Critical: Moderately critical
Impact: Security Bypass
Cross Site Scripting
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6.x
Description:
Ph4nt0m Security Team has discovered a vulnerability in Internet Explorer 6, which can be exploited by malicious people to conduct cross-domain scripting attacks.
The vulnerability is caused due to an input validation error when handling the "location" or "location.href" property of a window object. This can be exploited by a malicious website to e.g. open a trusted site and execute arbitrary script code in a user's browser session in context of the trusted site.
The vulnerability is confirmed in IE6 on Windows XP SP2. Other versions may also be affected.
Solution:
Upgrade to Internet Explorer 7, which is unaffected.
Bollettino Sicurezza
Release Date: 2008-06-26
Critical: Moderately critical
Impact: Security Bypass
Cross Site Scripting
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6.x
Description:
Ph4nt0m Security Team has discovered a vulnerability in Internet Explorer 6, which can be exploited by malicious people to conduct cross-domain scripting attacks.
The vulnerability is caused due to an input validation error when handling the "location" or "location.href" property of a window object. This can be exploited by a malicious website to e.g. open a trusted site and execute arbitrary script code in a user's browser session in context of the trusted site.
The vulnerability is confirmed in IE6 on Windows XP SP2. Other versions may also be affected.
Solution:
Upgrade to Internet Explorer 7, which is unaffected.
Bollettino Sicurezza