Microsoft IE history.back Function Information Disclosure (RefBack)

2003-09-10T00:00:00
ID OSVDB:3095
Type osvdb
Reporter OSVDB
Modified 2003-09-10T00:00:00

Description

Vulnerability Description

Microsoft Internet Explorer allows a remote attacker to obtain sensitive information from a remote system. The issue is due to a flaw in the history.back function and how it operates related to web sites loaded in different frames.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Disable Active Scripting, ActiveX, and Web site plug-ins.

Short Description

Microsoft Internet Explorer allows a remote attacker to obtain sensitive information from a remote system. The issue is due to a flaw in the history.back function and how it operates related to web sites loaded in different frames.

References:

Secunia Advisory ID:9711 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-09/0172.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-09/0157.html Keyword: RefBack Keyword: BackMyParent2:Multi-Thread version Keyword: BackMyParent2 ISS X-Force ID: 13166 Bugtraq ID: 8577