Microsoft Internet Explorer Windows Arbitrary Code Execution Vulnerability

Naviga SWZ: Home Page » News
News del 27 Novembre 05 Autore: RostoR
Microsoft Internet Explorer Windows Arbitrary Code Execution Vulnerability
Nuova vulnerabilità scoperta da Benjamin Tobias Franz di SEcunia, che ormai ci ha abituato a queste rilevazioni frequenti. The vulnerability is caused due to certain objects not being initialized correctly when the "window()" function is used in conjunction with the "< body onload >" event. This can be exploited to execute arbitrary code on a vulnerable browser via some specially crafted JavaScript code called directly when a site has been loaded. Example:< body onload="window();" >Successful exploitation requires that the user is e.g. tricked into visiting a malicious website. The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2, and Internet Explorer 6.0 and Microsoft Windows 2000 SP4. Solution: Disable Active Scripting except for trusted sites.
5 - Commento/i sul Forum

Voto:

Categoria: P2P e Web

La Community di SWZone.it

La community con le risposte che cerchi ! Partecipa é gratis !
Iscrizione ForumIscriviti al Forum

Newsletter

Vuoi ricevere tutti gli aggiornamenti di SWZone direttamente via mail ?
Iscrizione NewsletterIscriviti alla Newsletter

NOTIZIE CORRELATE