• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer Web Folder Behaviors Cross-Domain Scripting Vulnerability

Microsoft Internet Explorer is prone to a security vulnerability that may let a Web page execute malicious script code in the context of an arbitrary domain or browser security zone. This issue is the result of a security flaw in the browser security model when handling URIs when a Web folder view is rendered.

If exploited to access a foreign domain, this could allow script code embedded in a malicious Web page to access the properties of another site that the victim of the attack may trust. This would likely be exploited to steal credentials or sensitive information from the victim. The issue could also be exploited to execute arbitrary code by running malicious script code in a browser security zone with lowered security settings, such as the Local Machine, Trusted Sites or Intranet zone. Code execution would occur in the context of the currently logged in user.