• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer CSS Import Cross-Domain Restriction Bypass Vulnerability

Microsoft Internet Explorer is prone to an issue that allows a violation of the cross-domain security model.

The vulnerability arises because Internet Explorer fails to properly parse CSS files and facilitates importing of files that are not valid CSS files.

This allows attackers to access HTML and script code from the remote site that was improperly imported as a CSS file. This site may reside in a domain other than the site that exploits the issue.
An attacker may exploit this issue to steal sensitive information, which may aid in other attacks.