Computer Security

Microsoft Internet Explorer multiple security vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Microsoft Internet Explorer multiple security vulnerabilities
Published:11.06.2008
Source:BUGTRAQ
SecurityVulns ID:9074
Type:client
Level:6/10
Description:Crossite scripting, information leak.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-1544 (The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, and (3) bypass referrer restrictions via an incorrect Referer header.)
 CVE-2008-1442
Original documentdocumentZDI, ZDI-08-039: Microsoft Internet Explorer DOM Ojbect substringData() Heap Overflow Vulnerability (11.06.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-031 - Critical Cumulative Security Update for Internet Explorer (950759) (11.06.2008)
Files:Microsoft Security Bulletin MS08-031 - Critical Cumulative Security Update for Internet Explorer (950759)
Discuss:Read or add your comments to this news (1 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server