Multiple Vendor HTML Form Protocol Vulnerability

Browsers from multiple vendors are prone to a vulnerability that may allow submitting data to any port on an arbitrary machine.

An attacker may exploit the issue by hosting a crafted HTML page and enticing an unsuspecting user to visit it. The crafted HTML page may contain malicious form data which will be sent to a server that uses an ASCII-based protocol such SMTP, NNTP, POP3, IMAP, and IRC.

Successful exploitation may allow attackers to entice unsuspecting users into submitting crafted data to any port on an arbitrary machine. The issue can also be exploited to perform cross-site scripting attacks and steal cookie-based authentication credentials.

The vulnerability affects browsers from multiple vendors and HTML-enabled email clients.

NOTE: An attacker may be able to circumvent browsers that prevent access to certain ports by adding 65536 to the number of the port that the attacker is sending data to.


Privacy Statement
Copyright 2010, SecurityFocus