3 matches found
Microsoft IE 8 toStaticHTML()函数不安全HTML过滤漏洞(MS10-071/MS10-072)
BUGTRAQ ID: 42467 CVECAN ID: CVE-2010-3324 Internet Explorer是Windows操作系统中默认捆绑的web浏览器。 IE8中对窗口对象提供了名为toStaticHTML的过滤方式。如果向这个函数传送了HTML字符串,在返回之前会删除所有可执行的脚本结构。例如,可使用toStaticHTML方式确保从postMessage调用所接收到的HTML无法执行脚本,但可利用基本格式: document.attachEvent'onmessage',functione if e.domain == 'weather.example.com'...
Internet Explorer toStaticHTML API Cross-Site-Scripting (MS10-072; CVE-2010-3324)
Multiple memory corruption vulnerabilities have been reported in Microsoft Internet Explorer. An information disclosure vulnerability has been reported in the way that the toStaticHTML API sanitizes HTML. The vulnerability is due to the way that Internet Explorer handles content using specific...
CVE-2010-3324
CVE-2010-3324 describes an IE8/SharePoint CSS @import-based XSS bypass. The connected MSKB MS10-035 documents a broader cumulative security update for Internet Explorer to address IE vulnerabilities (including remote code execution via crafted pages) and provides update guidance. However, the pro...