CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 2nd, 2008

Microsoft Internet Explorer Script Injection Vulnerability

Microsoft Internet Explorer is vulnerable to script injection when handling specially crafted requests to ‘acr_error.htm’ via the ‘res://’ protocol. The file resides in the ‘ieframe.dll’ dynamic-link library. An attacker may leverage this issue to execute arbitrary code in the context of the user’s browser.

Successful exploits can allow the attacker to steal cookie-based authentication credentials, obtain potentially sensitive information stored on the victim’s computer, and launch other attacks. An unsuspecting user can be affected by visiting a malicious website or viewing a malicious web document.

Internet Explorer 8 is reported to be vulnerable. Internet Explorer 7 is likely vulnerable as well, but this has not been confirmed yet.

No vendor-supplied patches are available at this moment.

http://www.microsoft.com/windows/products/winfamily/ie/ie8/default.mspx
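Until a patch exists, defenders can look for pages that reference this resource. The scanner below is an added example, not part of the original advisory: it flags any ‘res://’ URL naming ‘ieframe.dll’ and ‘acr_error.htm’ in captured HTML. Treating every such reference as suspicious is an assumption, since the advisory gives no request format, and the sample HTML and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# res:// URLs naming both ieframe.dll and acr_error.htm (the two names in the advisory).
RES_RE = re.compile(
    r"res://[^\s\"'<>]*ieframe\.dll[^\s\"'<>]*acr_error\.htm[^\s\"'<>]*", re.I)

def normalize(text, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so encoded references match."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

class ResRefScanner(HTMLParser):
    """Collects (location, url) pairs from attribute values and text/script bodies."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def _check(self, where, value):
        for m in RES_RE.finditer(normalize(value)):
            self.findings.append((where, m.group(0)))

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references in attribute values.
        for name, value in attrs:
            if value:
                self._check(f"<{tag} {name}>", value)

    def handle_data(self, data):
        self._check("text/script", data)

def scan_html(html):
    scanner = ResRefScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page: the fragment is a placeholder, not a working payload.
SAMPLE = """<html><body>
<a href="http://example.com/">benign link</a>
<iframe src="RES://ieframe.dll/acr_error.htm#constructed-placeholder"></iframe>
<script>var u = "res%3A%2F%2Fieframe.dll%2Facr_error.htm";</script>
<img src="res://example.dll/logo.png">
</body></html>"""

if __name__ == "__main__":
    for where, url in scan_html(SAMPLE):
        print(where, url)
```

The same pattern can be applied to proxy-cached responses or saved mail attachments; a hit is a lead for review, not proof of exploitation.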
