Security Advisory
- Internet Explorer Charset Inheritance Cross-Site Scripting Vulnerability Reported Date: 12-07-09
Rated Level: 
Impact: Cross Scripting,Remotely Exploitable
Affected Software: Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 8.x
Description: Stefan Esser has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks.
The vulnerability exists because pages that don't specify a charset inherit the charset of the parent page. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of certain sites that are included e.g. via iframes in a malicious page that uses UTF-7 as charset.
Successful exploitation requires that the user is tricked into visiting a malicious web site.
The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP. Other versions may also be affected.
The vulnerability exists because pages that don't specify a charset inherit the charset of the parent page. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of certain sites that are included e.g. via iframes in a malicious page that uses UTF-7 as charset.
Successful exploitation requires that the user is tricked into visiting a malicious web site.
The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP. Other versions may also be affected.
Note: Stefan Esser. Additional information related to Internet Explorer 8 provided by Inferno.
Solution:
Do not browse untrusted sites.
Original Advisory: Stefan Esser:
http://www.hardened-php.net/advisory_032007.142.html
Inferno:
http://securethoughts.com/2009/05/exp...ulnerability-using-local-redirection/
http://www.hardened-php.net/advisory_032007.142.html
Inferno:
http://securethoughts.com/2009/05/exp...ulnerability-using-local-redirection/
References: http://secunia.com/advisories/cve_reference/CVE-2007-0995/
http://secunia.com/advisories/cve_reference/CVE-2007-1114/
http://secunia.com/advisories/cve_reference/CVE-2007-1114/
Feedback: If you have additional information or corrections for this security advisory please contact us at advisory(at)triviasecurity.org
- Ubuntu 9.10 PAM MOTD file tampering (privilege escalation) (11/07/10)
- Pligg CMS v1.0.4 Installation File XSS Vulnerability (11/07/10)
- Cpanel 11.25 - [CSRF] Add FTP Account (05/07/10)
- Sun Java Web Server version 7.0 update 7 remote stack overflow exploit (05/07/10)
- Ziggurat Farsi CMS SQL Injection Vulnerability (05/07/10)
- SasCam WebCam Server version 2.6.5 active-x SEH overwrite exploit (05/07/10)
- ISC DHCPd DOS proof of concept exploit (05/07/10)
- Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities (05/07/10)
- Joomla (com_seyret) - LFI Vulnerability (05/07/10)
- Joomla Eventcal component v1.6.4 Remote blind SQL injection vulnerability (05/07/10)
- Copyright © 2003-2010 TriviaSecurity Team