Explorer XP Multiple Input Validation Vulnerabilities


Explorer XP is prone to cross-site scripting and information-disclosure vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage the cross-site scripting issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

An attacker may leverage the information-disclosure issue to gain access to the contents of arbitrary files with the privileges of the hosting webserver. This may aid the attacker in further attacks.


 

Privacy Statement
Copyright 2010, SecurityFocus