Microsoft IE US-ASCII Character Set Filter Bypass XSS

2006-06-21T17:20:11
ID OSVDB:28376
Type osvdb
Reporter Kurt Huwig(k.huwig@iku-ag.de)
Modified 2006-06-21T17:20:11

Description

Vulnerability Description

Microsoft Internet Explorer contains a flaw related to the encoding Internet transmitted content into ASCII that may allow an attacker to bypass security filters, such as intrusion detection systems.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Microsoft Internet Explorer contains a flaw related to the encoding Internet transmitted content into ASCII that may allow an attacker to bypass security filters, such as intrusion detection systems.

References:

Other Advisory URL: http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters/ Other Advisory URL: http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0444.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0461.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0462.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0466.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0484.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0442.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0468.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0475.html Keyword: iKu Advisory ISS X-Force ID: 27288 Generic Exploit URL: http://www.iku-ag.de/ascii.cgi.htm CVE-2006-3227