Test ID: | 1.3.6.1.4.1.25623.1.0.800103 |
Category: | Windows : Microsoft Bulletins |
Title: | Microsoft Internet Explorer Multiple Vulnerabilities (950759) |
Summary: | Microsoft Internet Explorer is prone to HTTP request splitting/smuggling and HTML Objects Memory Corruption vulnerabilities. |
Description: |
Vulnerability Insight: The flaws are due to
- a memory corruption error while processing a Web page that contains certain unexpected method calls to HTML objects.
- failure of the setRequestHeader method of the XMLHttpRequest object to block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name.

Vulnerability Impact: Successful exploitation allows remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page, and to read data from a Web page in another domain in Internet Explorer. Attackers can use the above issues to poison web caches, steal credentials, and launch cross-site scripting, HTML-injection, and session-hijacking attacks.

Affected Software/OS:
- Microsoft Internet Explorer 5.01 & 6 SP1 for Microsoft Windows 2000
- Microsoft Internet Explorer 6 for Microsoft Windows 2003 and XP
- Microsoft Internet Explorer 7 for Microsoft Windows 2003 and XP
- Microsoft Internet Explorer 7 for Microsoft Windows 2008 and Vista

Solution: The vendor has released updates. Please see the references for more information.

CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-1442
- BugTraq ID: 29556 http://www.securityfocus.com/bid/29556
- Bugtraq: 20080610 ZDI-08-039: Microsoft Internet Explorer DOM Object substringData() Heap Overflow Vulnerability http://www.securityfocus.com/archive/1/493253/100/0/threaded
- Cert/CC Advisory: TA08-162B http://www.us-cert.gov/cas/techalerts/TA08-162B.html
- HPdes Security Advisory: HPSBST02344 http://marc.info/?l=bugtraq&m=121380194923597&w=2
- HPdes Security Advisory: SSRT080087
- http://www.zerodayinitiative.com/advisories/ZDI-08-039/
- Microsoft Security Bulletin: MS08-031 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-031
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5720
- http://securitytracker.com/id?1020225
- http://secunia.com/advisories/30575
- http://securityreason.com/securityalert/3934
- http://www.vupen.com/english/advisories/2008/1778

Common Vulnerability Exposure (CVE) ID: CVE-2008-1544
- BugTraq ID: 28379 http://www.securityfocus.com/bid/28379
- Bugtraq: 20080321 [MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling. http://www.securityfocus.com/archive/1/489954/100/0/threaded
- http://www.mindedsecurity.com/MSA02240108.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5291
- http://www.securitytracker.com/id?1020226
- http://secunia.com/advisories/29453
- http://securityreason.com/securityalert/3785
- http://www.vupen.com/english/advisories/2008/0980 |
Copyright | Copyright (C) 2008 Greenbone Networks GmbH |