Search...

Microsoft Internet Explorer Cookie Hijacking Vulnerability

2011-06-13T00:00:00

ID OPENVAS:1361412562310802202
Type openvas
Reporter Copyright (C) 2011 Greenbone Networks GmbH
Modified 2018-10-20T00:00:00

Description

The host is installed with Internet Explorer and is prone to cookie hijacking vulnerability.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ms_ie_cookie_hijacking_vuln.nasl 11997 2018-10-20 11:59:41Z mmartin $
#
# Microsoft Internet Explorer Cookie Hijacking Vulnerability
#
# Authors:
# Sooraj KS &lt;kssooraj@secpod.com&gt;
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
##############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.802202");
  script_version("$Revision: 11997 $");
  script_tag(name:"last_modification", value:"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $");
  script_tag(name:"creation_date", value:"2011-06-13 15:28:04 +0200 (Mon, 13 Jun 2011)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_cve_id("CVE-2011-2382");
  script_name("Microsoft Internet Explorer Cookie Hijacking Vulnerability");
  script_xref(name:"URL", value:"http://www.networkworld.com/community/node/74259");
  script_xref(name:"URL", value:"http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/");

  script_tag(name:"qod_type", value:"registry");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("gb_ms_ie_detect.nasl");
  script_mandatory_keys("MS/IE/Version");

  script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to read cookie
files of the victim and impersonate users requests.");
  script_tag(name:"affected", value:"Internet Explorer Version 8 and prior and Version 9 Beta.");
  script_tag(name:"insight", value:"The flaw exists due to the application which does not properly
restrict cross-zone drag-and-drop actions, allows user-assisted remote attackers
to read cookie files via vectors involving an IFRAME element with a SRC
attribute containing a file: URL.");
  script_tag(name:"solution", value:"No known solution was made available for at least one year since the disclosure
  of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
  release, disable respective features, remove the product or replace the product by another one.");
  script_tag(name:"summary", value:"The host is installed with Internet Explorer and is prone to
cookie hijacking vulnerability.");
  script_tag(name:"solution_type", value:"WillNotFix");
  exit(0);
}

include("version_func.inc");

ieVer = get_kb_item("MS/IE/Version");
if(!ieVer){
  exit(0);
}

# version = 9.0.7930.16406
if(version_is_less_equal(version:ieVer, test_version:"8.0.6001.18702")||
  version_is_equal(version:ieVer, test_version:"9.0.7930.16406")){
  security_message( port: 0, data: "The target host was found to be vulnerable" );
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310802202", "type": "openvas", "bulletinFamily": "scanner", "title": "Microsoft Internet Explorer Cookie Hijacking Vulnerability", "description": "The host is installed with Internet Explorer and is prone to\ncookie hijacking vulnerability.", "published": "2011-06-13T00:00:00", "modified": "2018-10-20T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802202", "reporter": "Copyright (C) 2011 Greenbone Networks GmbH", "references": ["http://www.networkworld.com/community/node/74259", "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/"], "cvelist": ["CVE-2011-2382"], "lastseen": "2019-05-29T18:39:25", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-2382"]}, {"type": "openvas", "idList": ["OPENVAS:802202"]}, {"type": "seebug", "idList": ["SSV:20841"]}, {"type": "nessus", "idList": ["SMB_NT_MS11-057.NASL"]}], "modified": "2019-05-29T18:39:25", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2019-05-29T18:39:25", "rev": 2}, "vulnersScore": 6.8}, "pluginID": "1361412562310802202", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms_ie_cookie_hijacking_vuln.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# Microsoft Internet Explorer Cookie Hijacking Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802202\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-13 15:28:04 +0200 (Mon, 13 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-2382\");\n script_name(\"Microsoft Internet Explorer Cookie Hijacking Vulnerability\");\n script_xref(name:\"URL\", value:\"http://www.networkworld.com/community/node/74259\");\n script_xref(name:\"URL\", value:\"http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_mandatory_keys(\"MS/IE/Version\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to read cookie\nfiles of the victim and impersonate users requests.\");\n script_tag(name:\"affected\", value:\"Internet Explorer Version 8 and prior and Version 9 Beta.\");\n script_tag(name:\"insight\", value:\"The flaw exists due to the application which does not properly\nrestrict cross-zone drag-and-drop actions, allows user-assisted remote attackers\nto read cookie files via vectors involving an IFRAME element with a SRC\nattribute containing a file: URL.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"summary\", value:\"The host is installed with Internet Explorer and is prone to\ncookie hijacking vulnerability.\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nieVer = get_kb_item(\"MS/IE/Version\");\nif(!ieVer){\n exit(0);\n}\n\n# version = 9.0.7930.16406\nif(version_is_less_equal(version:ieVer, test_version:\"8.0.6001.18702\")||\n version_is_equal(version:ieVer, test_version:\"9.0.7930.16406\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "naslFamily": "General"}

{"cve": [{"lastseen": "2021-02-02T05:51:03", "description": "Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue.", "edition": 8, "cvss3": {}, "published": "2011-06-03T17:55:00", "title": "CVE-2011-2382", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2382"], "modified": "2011-06-14T04:00:00", "cpe": ["cpe:/a:microsoft:ie:7.0.5730", "cpe:/a:microsoft:ie:5.0.1", "cpe:/a:microsoft:ie:3.2", "cpe:/a:microsoft:ie:9", "cpe:/a:microsoft:ie:6.00.2900.2180", "cpe:/a:microsoft:ie:6.0.2800.1106", "cpe:/a:microsoft:ie:3.0.2", "cpe:/a:microsoft:ie:5.50.4522.1800", "cpe:/a:microsoft:ie:5.50.3825.1300", "cpe:/a:microsoft:ie:5.00.3700.1000", "cpe:/a:microsoft:ie:7.00.5730.1100", "cpe:/a:microsoft:ie:4.40.308", "cpe:/a:microsoft:ie:5.00.3314.2101", "cpe:/a:microsoft:ie:4.71.1008.3", "cpe:/a:microsoft:ie:6.00.2600.0000", "cpe:/a:microsoft:ie:7.00.6000.16386", "cpe:/a:microsoft:ie:6.00.3790.1830", "cpe:/a:microsoft:ie:4.72.3110.8", "cpe:/a:microsoft:ie:6.0.2900", "cpe:/a:microsoft:ie:6", "cpe:/a:microsoft:ie:5.00.2920.0000", "cpe:/a:microsoft:ie:6.00.2479.0006", "cpe:/a:microsoft:ie:5.50.4308.2900", "cpe:/a:microsoft:ie:5.00.2919.800", "cpe:/a:microsoft:ie:5.50.4134.0100", "cpe:/a:microsoft:ie:4.0", "cpe:/a:microsoft:ie:7.0", "cpe:/a:microsoft:ie:5.00.2014.0216", "cpe:/a:microsoft:ie:6.00.2462.0000", "cpe:/a:microsoft:ie:5.50.4807.2300", "cpe:/a:microsoft:ie:3.0", "cpe:/a:microsoft:ie:4.01", "cpe:/a:microsoft:ie:4.72.3612.1713", "cpe:/a:microsoft:ie:5.00.3315.1000", "cpe:/a:microsoft:ie:8", "cpe:/a:microsoft:ie:4.0.1", "cpe:/a:microsoft:ie:5.00.3105.0106", "cpe:/a:microsoft:ie:6.00.3790.0000", "cpe:/a:microsoft:ie:3.1", "cpe:/a:microsoft:ie:4.70.1155", "cpe:/a:microsoft:ie:5.00.3103.1000", "cpe:/a:microsoft:ie:6.0", "cpe:/a:microsoft:ie:4.72.2106.8", "cpe:/a:microsoft:ie:4.71.1712.6", "cpe:/a:microsoft:ie:5.50.4134.0600", "cpe:/a:microsoft:ie:6.0.2800", "cpe:/a:microsoft:ie:5.00.3502.1000", "cpe:/a:microsoft:ie:4.1", "cpe:/a:microsoft:ie:5.00.2314.1003", "cpe:/a:microsoft:ie:5.1", "cpe:/a:microsoft:ie:4.40.520", "cpe:/a:microsoft:ie:4.5", "cpe:/a:microsoft:ie:5.5", "cpe:/a:microsoft:ie:5.2.3", "cpe:/a:microsoft:ie:3.0.1", "cpe:/a:microsoft:ie:5.00.0910.1309", "cpe:/a:microsoft:ie:4.70.1215", "cpe:/a:microsoft:ie:5.00.2919.6307", "cpe:/a:microsoft:ie:7.00.6000.16441", "cpe:/a:microsoft:ie:6.0.2900.2180", "cpe:/a:microsoft:ie:6.00.3663.0000", "cpe:/a:microsoft:ie:5.01", "cpe:/a:microsoft:ie:6.0.2600", "cpe:/a:microsoft:ie:6.00.2800.1106", "cpe:/a:microsoft:ie:5.50.4030.2400", "cpe:/a:microsoft:ie:7.0.5730.11", "cpe:/a:microsoft:ie:5.0", "cpe:/a:microsoft:ie:4.70.1300", "cpe:/a:microsoft:ie:5.00.2516.1900", "cpe:/a:microsoft:ie:7", "cpe:/a:microsoft:ie:5", "cpe:/a:microsoft:ie:5.00.0518.10", "cpe:/a:microsoft:ie:4.70.1158", "cpe:/a:microsoft:ie:6.00.3790.3959", "cpe:/a:microsoft:ie:6.00.3718.0000", "cpe:/a:microsoft:ie:4.71.544", "cpe:/a:microsoft:ie:5.00.2919.3800", "cpe:/a:microsoft:ie:5.00.2614.3500"], "id": "CVE-2011-2382", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2382", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:ie:5.00.3314.2101:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:7.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.3700.1000:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.50.4807.2300:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.00.2462.0000:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:9:beta:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.0518.10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.50.4308.2900:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.01:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:7.0.5730:unknown:gold:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.5:preview:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.00.2900.2180:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.2919.6307:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.2014.0216:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.71.1008.3:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.0910.1309:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:7.0:beta:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.40.520:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.50.3825.1300:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.00.2800.1106:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.72.2106.8:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.00.3790.0000:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.3103.1000:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.0.2800.1106:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.00.3663.0000:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.70.1155:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.50.4522.1800:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.00.2600.0000:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.72.3612.1713:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.0.2900:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.2516.1900:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.3315.1000:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:7.00.5730.1100:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.40.308:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.50.4134.0100:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:7.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.70.1215:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.3105.0106:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.2314.1003:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:7.00.6000.16441:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.0.1:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.0.1:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:8:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.50.4030.2400:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.50.4134.0600:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.70.1158:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.2920.0000:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.00.3790.3959:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:7:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:7.0.5730.11:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.3502.1000:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.2614.3500:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.71.1712.6:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.00.3790.1830:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.00.3718.0000:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.0.2600:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.01:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.01:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.01:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.71.544:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.0.2800:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.0.1:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.2919.800:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:7.00.6000.16386:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.0.2900.2180:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.72.3110.8:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.70.1300:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.00.2919.3800:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.00.2479.0006:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-20T08:55:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2382"], "description": "The host is installed with Internet Explorer and is prone to\ncookie hijacking vulnerability.", "modified": "2017-07-05T00:00:00", "published": "2011-06-13T00:00:00", "id": "OPENVAS:802202", "href": "http://plugins.openvas.org/nasl.php?oid=802202", "type": "openvas", "title": "Microsoft Internet Explorer Cookie Hijacking Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms_ie_cookie_hijacking_vuln.nasl 6526 2017-07-05 05:43:52Z cfischer $\n#\n# Microsoft Internet Explorer Cookie Hijacking Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to read cookie\nfiles of the victim and impersonate users requests.\n\nImpact Level: Application\";\n\ntag_affected = \"Internet Explorer Version 8 and prior and Version 9 Beta.\";\n\ntag_insight = \"The flaw exists due to the application which does not properly\nrestrict cross-zone drag-and-drop actions, allows user-assisted remote attackers\nto read cookie files via vectors involving an IFRAME element with a SRC\nattribute containing a file: URL.\";\n\ntag_solution = \"No solution or patch was made available for at least one year\nsince disclosure of this vulnerability. Likely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective\nfeatures, remove the product or replace the product by another one.\";\n\ntag_summary = \"The host is installed with Internet Explorer and is prone to\ncookie hijacking vulnerability.\";\n\nif(description)\n{\n script_id(802202);\n script_version(\"$Revision: 6526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-05 07:43:52 +0200 (Wed, 05 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-13 15:28:04 +0200 (Mon, 13 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-2382\");\n script_name(\"Microsoft Internet Explorer Cookie Hijacking Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://www.networkworld.com/community/node/74259\");\n script_xref(name : \"URL\" , value : \"http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_mandatory_keys(\"MS/IE/Version\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nieVer = get_kb_item(\"MS/IE/Version\");\nif(!ieVer){\n exit(0);\n}\n\n# Check for Microsoft Internet Explorer version <= 8.0.6001.18702 and\n# version = 9.0.7930.16406\nif(version_is_less_equal(version:ieVer, test_version:\"8.0.6001.18702\")||\n version_is_equal(version:ieVer, test_version:\"9.0.7930.16406\")){\n security_message(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T18:00:47", "description": "Bugtraq ID: 47989\r\nCVE ID\uff1aCVE-2011-2382\r\nCVE-2011-2383\r\n\r\nMicrosoft Internet Explorer\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\nMicrosoft Internet Explorer\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u6216\u5728\u672c\u5730\u8d44\u6e90\u4e0a\u6267\u884c\u67d0\u4e9b\u64cd\u4f5c\u3002\r\n1)\u5e94\u7528\u7a0b\u5e8f\u5141\u8bb8\u7f51\u7edc\u5171\u4eab\u663e\u793a\u5728iFrame\u4e2d\uff0c\u8bbe\u7f6eiFrame\u5f15\u7528"\\\\127.0.0.1\\c$\\"\u53ef\u8bf1\u4f7f\u7528\u6237\u5bf9\u672c\u5730\u6587\u4ef6\u5939\u548c\u6587\u4ef6\u4e0a\u6267\u884c\u67d0\u4e9b\u64cd\u4f5c(CVE-2011-2383)\u3002\r\n\u6210\u529f\u5229\u7528\u6f0f\u6d1e\u5141\u8bb8\u5220\u9664\u672c\u5730\u6587\u4ef6\u5939\uff0c\u628a\u56fe\u7247\u5b58\u50a8\u5728\u672c\u5730\u6587\u4ef6\u4ef6\u4e2d\u6216\u91cd\u547d\u540d\u672c\u5730\u6587\u4ef6\u548c\u6587\u4ef6\u5939\uff0c\u4f46\u9700\u8981\u7528\u6237\u6267\u884c\u67d0\u4e9b\u952e\u76d8\u6216\u9f20\u6807\u64cd\u4f5c\u3002\r\n2)\u5904\u7406iFrame\u4e2d\u7684cookie\u6587\u4ef6\u65f6\u5b58\u5728\u9519\u8bef\uff0c\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u53ef\u83b7\u5f97\u76ee\u6807\u7528\u6237\u7684\u654f\u611fcookie\u4fe1\u606f(CVE-2011-2382)\n\nMicrosoft Internet Explorer 7.0.5730 .11\r\nMicrosoft Internet Explorer 9\r\nMicrosoft Internet Explorer 8.0.7600.16385\r\nMicrosoft Internet Explorer 8 RC1\r\nMicrosoft Internet Explorer 8\r\nMicrosoft Internet Explorer 7.0\r\nMicrosoft Internet Explorer 6.0 SP3\r\nMicrosoft Internet Explorer 6.0 SP2\r\nMicrosoft Internet Explorer 6.0 SP1\r\nMicrosoft Internet Explorer 6.0\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.microsoft.com/technet/security/Bulletin/MS11-057.mspx", "published": "2011-08-10T00:00:00", "title": "Microsoft Internet Explorer\u8de8\u57df\u672c\u5730Cookie\u6587\u4ef6\u8bbf\u95ee\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-2382", "CVE-2011-2383"], "modified": "2011-08-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20841", "id": "SSV:20841", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}], "nessus": [{"lastseen": "2021-02-01T06:14:57", "description": "The remote host is missing Internet Explorer (IE) Security Update\n2559049.\n\nThe installed version of IE is affected by several vulnerabilities that\ncould allow an attacker to execute arbitrary code on the remote host.", "edition": 26, "published": "2011-08-09T00:00:00", "title": "MS11-057: Critical Cumulative Security Update for Internet Explorer (2559049)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2383", "CVE-2011-1257", "CVE-2011-1962", "CVE-2011-1960", "CVE-2011-1964", "CVE-2011-2382", "CVE-2011-1347", "CVE-2011-1963", "CVE-2011-1961"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:ie"], "id": "SMB_NT_MS11-057.NASL", "href": "https://www.tenable.com/plugins/nessus/55787", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(55787);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\n \"CVE-2011-1257\",\n \"CVE-2011-1347\",\n \"CVE-2011-1960\",\n \"CVE-2011-1961\",\n \"CVE-2011-1962\",\n \"CVE-2011-1963\",\n \"CVE-2011-1964\",\n \"CVE-2011-2382\",\n \"CVE-2011-2383\"\n );\n script_bugtraq_id(\n 46821,\n 47989,\n 48994,\n 49023,\n 49027,\n 49032,\n 49037,\n 49039\n );\n script_xref(name:\"MSFT\", value:\"MS11-057\");\n script_xref(name:\"MSKB\", value:\"2559049\");\n\n script_name(english:\"MS11-057: Critical Cumulative Security Update for Internet Explorer (2559049)\");\n script_summary(english:\"Checks version of Mshtml.dll\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"Arbitrary code can be executed on the remote host through a web\nbrowser.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is missing Internet Explorer (IE) Security Update\n2559049.\n\nThe installed version of IE is affected by several vulnerabilities that\ncould allow an attacker to execute arbitrary code on the remote host.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-247/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-248/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-249/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-057\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7,\nand 2008 R2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS11-057';\nkb = '2559049';\n\nkbs = make_list(kb);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 7 and Windows Server 2008 R2\n #\n # - Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.1\", file:\"Mshtml.dll\", version:\"9.0.8112.20534\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", file:\"Mshtml.dll\", version:\"9.0.8112.16434\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # - Internet Explorer 8\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Mshtml.dll\", version:\"8.0.7601.21776\", min_version:\"8.0.7601.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Mshtml.dll\", version:\"8.0.7601.17655\", min_version:\"8.0.7601.17000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"Mshtml.dll\", version:\"8.0.7600.21013\", min_version:\"8.0.7600.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"Mshtml.dll\", version:\"8.0.7600.16853\", min_version:\"8.0.7600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Vista / Windows 2008\n #\n # - Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", file:\"Mshtml.dll\", version:\"9.0.8112.20534\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", file:\"Mshtml.dll\", version:\"9.0.8112.16434\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 8\n hotfix_is_vulnerable(os:\"6.0\", file:\"Mshtml.dll\", version:\"8.0.6001.23216\", min_version:\"8.0.6001.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", file:\"Mshtml.dll\", version:\"8.0.6001.19120\", min_version:\"8.0.6001.18000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 7\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Mshtml.dll\", version:\"7.0.6002.22683\", min_version:\"7.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Mshtml.dll\", version:\"7.0.6002.18494\", min_version:\"7.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 2003 / XP 64-bit\n #\n # - Internet Explorer 8\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Mshtml.dll\", version:\"8.0.6001.23216\", min_version:\"8.0.6001.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Mshtml.dll\", version:\"8.0.6001.19120\", min_version:\"8.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 7\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Mshtml.dll\", version:\"7.0.6000.21305\", min_version:\"7.0.6000.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Mshtml.dll\", version:\"7.0.6000.17102\", min_version:\"7.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 6\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Mshtml.dll\", version:\"6.0.3790.4882\", min_version:\"6.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows XP x86\n #\n # - Internet Explorer 8\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"Mshtml.dll\", version:\"8.0.6001.23216\", min_version:\"8.0.6001.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"Mshtml.dll\", version:\"8.0.6001.19120\", min_version:\"8.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 7\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"Mshtml.dll\", version:\"7.0.6000.21305\", min_version:\"7.0.6000.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"Mshtml.dll\", version:\"7.0.6000.17102\", min_version:\"7.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 6\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"Mshtml.dll\", version:\"6.0.2900.6129\", min_version:\"6.0.2900.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb)\n )\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}