MSIE same name function security zone bypass vulnerability

Discussion in 'NZ Computing' started by Patrick Dunford, Jul 15, 2004.

  1. http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28714

    Vulnerability ID: 28714 Discovered by: Paul
    Exploitable Locally: No Exploitable Remotely: Yes
    Impact: Remote attackers can bypass security restrictions and gain
    unauthorized system access.

    Root Cause: Software Vulnerability

    Microsoft Internet Explorer contains a vulnerability that can allow an
    attacker to bypass security restrictions and gain unauthorized system
    access. The vulnerability is due to the way IE processes scripts
    containing functions with the same name. Attackers can exploit the
    vulnerability by creating a carefully constructed web page and enticing a
    victim into viewing the page. Viewing the page allows the attacker to
    bypass security zone restrictions and access sensitive information or
    upload malicious files to the victim=3Fs system.


    Currently there is no fix for this issue. As a workaround, disable
    Active scripting for untrusted sites.

    Tools -> Internet Options -> Security -> Custom Level -> Scripting ->
    Active scripting -> Disable
     
    Patrick Dunford, Jul 15, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Guest
    Replies:
    3
    Views:
    680
    Doctor Monsignor Larville Jones MD
    Jul 21, 2003
  2. Joel Rubin

    Windows/MSIE security updates for October

    Joel Rubin, Oct 13, 2004, in forum: Computer Support
    Replies:
    4
    Views:
    454
    Lady Chatterly
    Oct 13, 2004
  3. donutbandit

    Huge vulnerability in Zone Alarm (all versions)

    donutbandit, Feb 17, 2004, in forum: Computer Security
    Replies:
    20
    Views:
    823
    Mimic
    Feb 23, 2004
  4. imhotep
    Replies:
    0
    Views:
    553
    imhotep
    Jun 23, 2006
  5. Jones

    Zone Alarm or Zone Alarm Pro?

    Jones, Feb 19, 2004, in forum: Computer Information
    Replies:
    5
    Views:
    635
    Phil Marshall
    Feb 20, 2004
Loading...

Share This Page