Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 2nd, 2008

Microsoft Internet Explorer Script Injection Vulnerability

Microsoft Internet Explorer is vulnerable to a script-injection when handling specially crafted requests to ‘acr_error.htm’ via the ‘res://’ protocol. The file resides in the ‘ieframe.dll’ dynamic-link library. An attacker may leverage this issue to execute arbitrary code in the context of user’s browser.

Successful exploits can allow the attacker to steal cookie-based authentication credentials, obtain potentially sensitive information stored on the victim’s computer, and launch other attacks. An unsuspecting user can be affected by visiting a malicious web or viewing a malicious web document.

Internet Explorer 8 is reported to vulnerable. Internet Explorer 7 is likely vulnerable as well, but this has not been confirmed yet.

No vendor-supplied patches are available at this moment.

Share this article with others:

More on CyberInsecure:
  • Cross-Domain Vulnerability In Microsoft Internet Explorer 6
  • Critical Internet Explorer Security Vulnerability Fixed By Microsoft
  • Remote Code Execution Vulnerability In The ActiveX Control For The Microsoft Access Snapshot Viewer Added Into Neosploit
  • Critical 0-day Vulnerability In Internet Explorer 6 And 7, Exploit Already Published
  • ASF Files Are Used To Execute Malicious Scripts in Windows Media Player

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Microsoft Internet Explorer Script Injection Vulnerability

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.