Microsoft IE Similar Method Name Redirection Cross Domain/Site Scripting

2004-10-12T17:18:16
ID OSVDB:10704
Type osvdb
Reporter OSVDB
Modified 2004-10-12T17:18:16

Description

Vulnerability Description

Internet Explorer contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the redirection of a function to another function with the same name. This could allow an attacker to create a specially crafted URL that would execute arbitrary code, possibly in other security zones/domains, in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft Corporation has released a patch to address this vulnerability.

References:

Secunia Advisory ID: 12048
Secunia Advisory ID: 12806
Related OSVDB ID: 10708
Related OSVDB ID: 10709
Related OSVDB ID: 10710
Related OSVDB ID: 10705
Related OSVDB ID: 10706
Related OSVDB ID: 10707
Other Advisory URL: http://marc.theaimsgroup.com/?l=bugtraq&m=108966512815373&w=2
Other Advisory URL: http://freehost07.websamba.com/greyhats/similarmethodnameredir-discussion.htm
Microsoft Security Bulletin: MS04-038
Microsoft Knowledge Base Article: 834707
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0112.html
Keyword: SimliarMethodNameRedir
Keyword: Similar Method Name Redirection Vulnerability
ISS X-Force ID: 16681
Generic Exploit URL: http://freehost07.websamba.com/greyhats/similarmethodnameredir.htm
CVE-2004-0727
CIAC Advisory: p-006