Microsoft IE Multimedia Page XSS (viaSWFurl)

2002-12-26T03:05:13
ID OSVDB:7916
Type osvdb
Reporter OSVDB
Modified 2002-12-26T03:05:13

Description

Vulnerability Description

Microsoft Internet Explorer (IE) contains a flaw that allows a remote cross-site scripting attack. This issue is due to IE improperly sanitizing URL input when it generates a page to load a multimedia file. By creating a specially crafted URL for a multimedia file containing embedded script, a remote attacker can execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
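The flaw class described above, as an added illustration that is not IE's actual code and not part of the original entry: a hypothetical generator for the wrapper page built around a media URL, with the unescaped form beside an escaped one. All function names, the markup and the example.test host are assumptions; the sample URL is constructed in the shape of the test string in this entry's manual testing notes.

```javascript
// Illustrative only: a hypothetical generator for the wrapper page a browser
// builds around a bare media URL. Function names and markup are assumptions.

// Unsafe: the URL is concatenated into an attribute value as-is, so a '"'
// in the query string ends the attribute and '>' ends the tag.
function wrapperPageUnsafe(mediaUrl) {
  return '<html><body><embed src="' + mediaUrl + '"></body></html>';
}

// Escape the five characters that are significant in HTML text and
// quoted attribute values. '&' must be replaced first.
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened: accept only http(s) URLs, then escape for the attribute context.
function wrapperPageSafe(mediaUrl) {
  if (!/^https?:\/\//i.test(mediaUrl)) {
    throw new Error('unsupported URL scheme');
  }
  return '<html><body><embed src="' + escapeHtmlAttr(mediaUrl) + '"></body></html>';
}

// Constructed sample input (not a real host).
const sampleUrl =
  'http://example.test/flash.swf?"><SCRIPT>alert(document.cookie)</SCRIPT>';

// True when the generated markup contains a live script element.
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe page has script tag:', hasScriptTag(wrapperPageUnsafe(sampleUrl)));
console.log('safe page has script tag:  ', hasScriptTag(wrapperPageSafe(sampleUrl)));
```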

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): disable the execution of script code in the security settings of Internet Explorer.

Short Description

Microsoft Internet Explorer (IE) contains a flaw that allows a remote cross-site scripting attack. This issue is due to IE improperly sanitizing URL input when it generates a page to load a multimedia file. By creating a specially crafted URL for a multimedia file containing embedded script, a remote attacker can execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/flash.swf?"><SCRIPT>alert(document.cookie)</SCRIPT>

References:

Other Advisory URL: http://umbrella.name/originalvuln/msie/viaSWFurl/viaSWFurl-Content.htm
Keyword: Exploit-ViaSWFurl
Keyword: Swaffer.Exploit
ISS X-Force ID: 10945
Generic Informational URL: http://vil.nai.com/vil/content/v_121775.htm
Generic Informational URL: http://securityresponse.symantec.com/avcenter/venc/data/swaffer.exploit.html
Bugtraq ID: 6481