• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer Script URL Cross-Domain Access Violation Vulnerability

Microsoft Internet Explorer is prone to an issue that could allow malicious script code from one domain to execute in the context of different domain.

The Script URL method could be used to allow script code to execute on a vulnerable system in the security domain of a website in another browser window. This occurs due to a violation of the browser security zone policy. According to Microsoft, this vulnerability can be exploited by attackers to run arbitrary exectuables on victim hosts. This would also permit malicious scripts to gain access to properties of documents in foreign domains.

This BID encapsulates a number of previously known issues discovered by Liu Die Yu and Jelmer. These issues are also described in BIDs 8577, 9769 and 9798.