Infesting you with Virus News
 

News

Contributed by: Lauren Gerber
Date: July 13, 2009
Lauren Gerber
2
Vote
0

Don't Cross The IE Cross Domain Scripting Vulnerability
 

Nothing is ever perfect and even the best stuff in this world is prone to errors and vulnerabilities. The perfect produIE.pngct does not exist, and this concept is also applicable to the world of computer security. The latest news is that the widely used Microsoft Internet Explorer has a computer security vulnerability. This weakness runs the risk of being exploited and the execution of malicious code occurring - this is directly related to the browser security zone or alternatively to an arbitrary domain.

This vulnerability, known as the IE Web Folder Behaviors Cross-Domain Scripting Vulnerability, is caused due to a security error that exists within the browser security model, when the handling of URLS takes place. This happens when a web folder view is rendered. Some of the files of Internet Explorer 6 may include but are not limited to the following:A2P.EXE, B-TEST.EXE, C2PH.BAT, CabInst.exe as well as creatfil.exe.

This vulnerability can be exploited in order to access an unknown domain. This may result in script code that is attached to a malicious page, actually accessing properties of a different site. The malicious characters could then do whatever they please, with the inclusion of stealing confidential information from chosen victims.

This is not the only risk that exists. This vulnerability could be exploited in order to execute arbitrary code. This may be achieved by running malicious code in a browsers security zone which has decreased security settings (e:g Local computer, trusted Sites and intranet zones). The code execution would take place within the context of the user that is logged in at that particular point in time.IE_pic.png

You may be wondering what the solution to this vulnerability actually is? If I were you I would be wondering too. The solution to this vulnerability is for users to apply the relevant updates from Microsoft. Microsoft has applied updates to the security bulletin for this vulnerability, in order to accurately reflect the availability and effectiveness of updated fixes.

Resources:
The Microsoft Security Bulletin.
Some download details for this vulnerability.
This vulnerability explained.
Some security bulletin details.

User Comments

Name:
Email:
Website:
Comment:
Please type 5-digit security code below:
Captcha image for spam protection

Featured Videos

Registry Tutorials
From: PC1News Videos
Added: June 13, 2009
more videos

Software Downloads

SpyHunter V.3
Free Spyhunter Scanner (Spyware/Trojan Detection). DETECT Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.
Download now
Registry Mechanic 8
Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.
Download now
SpywareBlaster 4.1
The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.
Download now

Latest Comments

Microsoft Server Message Block (SMB) Protocol remote vulnera...
March 15, 2010
It is time for windows board to wake up and lock all system files , only to be opend by getting a licence... more..
bill103.exe
March 15, 2010
Help us! Still cannot get Antivirus to update or connect to via browser or ping symantec, avg, mcafee,... more..
Trojan.Agent.IPB
March 15, 2010
I'd like to say hi im new here i've been lurking around for the past few weeks and finally decided to... more..
more comments..
rss
Home | Files | Programs | Latest Comments | About us | Privacy Policy | Contributors | Contact Us
© 2008 - 2010 pc1news.com - All rights reserved.
Home  Tips  Downloads Videos Virus List Vulnerabilities
Home > Computer Security > Don't Cross The IE Cross Domain Scripting Vulnerability