Internet Explorer Request Header Cross-Domain Information Disclosure (MS08-031; CVE-2008-1544)

An information disclosure vulnerability has been reported in the way that Internet Explorer handles certain request headers. The vulnerability is due to an error in Internet Explorer that incorrectly parses a specially crafted request header, allowing a violation of the same origin policy. To...

Microsoft IE HTML对象substringData()堆溢出漏洞（MS08-031）

BUGTRAQ ID: 29556 CVECAN ID: CVE-2008-1442 Internet Explorer是微软发布的非常流行的WEB浏览器。 Internet Explorer显示包含对HTML对象的某些异常方法调用的网页的方式中存在堆溢出漏洞,如果DOM对象以可控的方式调用了substringData的话，就可以触发这个漏洞。攻击者可以通过构建特制的网页来利用该漏洞。当用户查看网页时，该漏洞可能允许远程执行指令。成功利用此漏洞的攻击者可以获得与登录用户相同的用户权限。 Microsoft Internet Explorer 7.0 Microsoft Internet...

Microsoft Security Bulletin MS08-031 - Critical Cumulative Security Update for Internet Explorer (950759)

Microsoft Security Bulletin MS08-031 - Critical Cumulative Security Update for Internet Explorer 950759 Published: June 10, 2008 Version: 1.0 General Information Executive Summary This security update resolves one privately reported and one publicly disclosed vulnerability. The privately reported...