Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Internet Explorer multiple security vulnerabilities
Published:11.06.2008
Source:
SecurityVulns ID:9074
Type:client
Threat Level:
6/10
Description:Crossite scripting, information leak.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-1544 (The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, and (3) bypass referrer restrictions via an incorrect Referer header.)
 CVE-2008-1442
Original documentdocumentZDI, ZDI-08-039: Microsoft Internet Explorer DOM Ojbect substringData() Heap Overflow Vulnerability (11.06.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-031 - Critical Cumulative Security Update for Internet Explorer (950759) (11.06.2008)
Files:Microsoft Security Bulletin MS08-031 - Critical Cumulative Security Update for Internet Explorer (950759)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod