
Test ID: 1.3.6.1.4.1.25623.1.0.800103
Category: Windows : Microsoft Bulletins
Title: Microsoft Internet Explorer Multiple Vulnerabilities (950759)
Summary: Microsoft Internet Explorer is prone to HTTP request splitting/smuggling and HTML Objects Memory Corruption vulnerabilities.
Description:

Vulnerability Insight:
The flaws are due to:

- a memory corruption error while processing a Web page that contains certain
unexpected method calls to HTML objects.

- failure of setRequestHeader method of the XMLHttpRequest object to block
dangerous HTTP request headers when certain 8-bit character sequences are
appended to a header name.

Vulnerability Impact:
Successful exploitation allows remote attackers to execute arbitrary
code by tricking a user into visiting a specially crafted web page, and to read
data from a Web page in another domain in Internet Explorer. Attackers can
use the above issues to poison web caches, steal credentials, and launch cross-site
scripting, HTML-injection, and session-hijacking attacks.

Affected Software/OS:
- Microsoft Internet Explorer 5.01 & 6 SP1 for Microsoft Windows 2000

- Microsoft Internet Explorer 6 for Microsoft Windows 2003 and XP

- Microsoft Internet Explorer 7 for Microsoft Windows 2003 and XP

- Microsoft Internet Explorer 7 for Microsoft Windows 2008 and Vista

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-1442
BugTraq ID: 29556
http://www.securityfocus.com/bid/29556
Bugtraq: 20080610 ZDI-08-039: Microsoft Internet Explorer DOM Ojbect substringData() Heap Overflow Vulnerability
http://www.securityfocus.com/archive/1/493253/100/0/threaded
Cert/CC Advisory: TA08-162B
http://www.us-cert.gov/cas/techalerts/TA08-162B.html
HPdes Security Advisory: HPSBST02344
http://marc.info/?l=bugtraq&m=121380194923597&w=2
HPdes Security Advisory: SSRT080087
http://www.zerodayinitiative.com/advisories/ZDI-08-039/
Microsoft Security Bulletin: MS08-031
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5720
http://securitytracker.com/id?1020225
http://secunia.com/advisories/30575
http://securityreason.com/securityalert/3934
http://www.vupen.com/english/advisories/2008/1778
Common Vulnerability Exposure (CVE) ID: CVE-2008-1544
BugTraq ID: 28379
http://www.securityfocus.com/bid/28379
Bugtraq: 20080321 [MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling.
http://www.securityfocus.com/archive/1/489954/100/0/threaded
http://www.mindedsecurity.com/MSA02240108.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5291
http://www.securitytracker.com/id?1020226
http://secunia.com/advisories/29453
http://securityreason.com/securityalert/3785
http://www.vupen.com/english/advisories/2008/0980
Copyright: Copyright (C) 2008 Greenbone Networks GmbH