{"type": "myhack58", "published": "2015-02-06T00:00:00", "reporter": "\u4f5a\u540d", "bulletinFamily": "info", "cvelist": [], "cvss": {"vector": "NONE", "score": 0.0}, "enchantments": {"score": {"value": 1.5, "vector": "NONE", "modified": "2016-11-10T18:29:37", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-10T18:29:37", "rev": 2}, "vulnersScore": 1.5}, "lastseen": "2016-11-10T18:29:37", "viewCount": 0, "id": "MYHACK58:62201558836", "references": [], "edition": 1, "href": "http://www.myhack58.com/Article/html/3/62/2015/58836.htm", "modified": "2015-02-06T00:00:00", "title": "Recent XSS 0day vulnerability struck, the impact of the latest version of the IE browser-vulnerability warning-the black bar safety net", "description": "! [](/Article/UploadPic/2015-2/201525135853273.jpg) \n\n\n**Security researchers recently discovered a serious[XSS](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>) 0day vulnerability that can impact the latest version of the IE browser, the user is exposed in the attack and identity theft risk.**\n\n**Vulnerability information**\n\n**The vulnerability can affect fully restored IE browser, hackers can exploit the vulnerability to steal sensitive user data such as logon credentials and be able to browser sessions to inject malicious content.**\n\nAn attacker using the[XSS](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>)the vulnerability may bypass the same-origin policy\uff08SOP\uff09\u3002 The same-origin policy is a web application in a basic security model used to protect the user's browsing experience.\n\nThe same origin policy on Wikipedia interpreted as:\n\n\n\u201cThe policy allows the same site, system, host name, and port number combination on the page of the script to access each other's DOM, but no specific restrictions, but blocking access to different sites on the DOM.\u201d\n\n**Vulnerability POC** \n\n\n**[1] [[2]](<58836_2.htm>) [[3]](<58836_3.htm>) [next](<58836_2.htm>)**\n"}

{}