Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

Microsoft Internet Explorer saved pages crossite scripting
updated since 21.08.2007
Published: 24.11.2008
Source: MustLive
SecurityVulns ID: 8081
Type: client
Level: 3/10
Description: Crossite scripting in context of local machine is possible on saving URL with address like http://site/--><script>alert("XSS")</script>

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server
CVE: CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content.)

Original document MustLive, Code Execution via XSS in Internet Explorer (24.11.2008)

David Vaartjes, [Fwd: RE: XSS via IE MOTW feature. [sd]] (22.08.2007)

MustLive, Vulnerability in Internet Explorer (21.08.2007)

Discuss: Read or add your comments to this news (3 comments)

	MustLive: Межсайтовый скриптинг в сохраненных страницах Microsoft Internet Explorer (crossite scripting 22.08.2007 21:07:11
	Владимир! Источник: SECURITYVULNS - это ты поспешил ;-). Указывай точные источники - в данном случае MustLive. Будь, пожалуйста, корректным.

		3APA3A: Re: Межсайтовый скриптинг в сохраненных страницах Microsoft Internet Explorer (crossite scriptin 22.08.2007 23:17:11
		Источник, это место откуда "перепечатана" статья. В данном месте ниоткуда. Но мне совершенно некритично, могу поставить и MustLive.

Show		Threads
		Messages

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)