• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer AddChannel Cross-Zone Scripting Vulnerability

A vulnerability has been reported in Microsoft Internet Explorer that could enable unauthorized access by malicious scripts and Active Content to document properties across different Security Zones and foreign domains.

This issue is exposed when a remote site uses the 'AddChannel' method to add a channel.

Exploitation of this issue could allow various attacks, such as cookie-theft from an arbitrary domain. Other issues may also facilitate execution of arbitrary code on a vulnerable client system by causing malicious content to be stored on the victim system and then referenced.