257 matches found
Design/Logic Flaw
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL...
CVE-2014-1346
CVE-2014-1346 affects WebKit as used in Apple Safari before 6.1.4 and 7.x before 7.0.4. The issue is an encoding/unicode handling flaw in URLs that allows remote attackers to spoof a postMessage origin and bypass restrictions when sending a message to a connected frame/window. Impact is spoofing ...
CVE-2014-1346
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL...
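Microsoft Windows Kernel 'Win32k.sys' Local Privilege Escalation Vulnerability (MS12-018)
BUGTRAQ ID: 52317 CVE ID: CVE-2012-0157 Microsoft Windows is a popular computer operating system. Windows Kernel Win32k.sys has a local privilege escalation vulnerability when handling the "PostMessage" function. A local attacker can exploit it by passing specific input to certain parameters to execute arbitrary code with elevated privileges, resulting in complete control of the affected computer. 0 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Serv...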
Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2641653)
This host is missing an important security update according to Microsoft Bulletin MS12-018. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Design/Logic Flaw
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted applicati...
CVE-2012-0157
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted applicati...
CVE-2012-0157
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted applicati...
CVE-2012-0157
CVE-2012-0157 affects Windows kernel Win32k.sys, where local users can elevate privileges by crafting inputs to PostMessage. Public sources (MS12-018) and multiple vulnerability feeds confirm a kernel-mode privilege-escalation flaw exploitable via PostMessage handling in win32k.sys on affected Wi...
PT-2012-2357 · Microsoft · Windows Xp +6
Name of the Vulnerable Software and Affected Versions: win32k.sys in Microsoft Windows versions prior to the fixed version Description: The issue arises from the improper handling of window messaging by the win32k.sys kernel-mode driver, allowing local users to gain privileges via a crafted...
Microsoft Windows Kernel win32k.sys SysCommand Code Execution (MS11-034; CVE-2011-1239)
The Windows kernel is the core of the operating system. It provides system-level services such as device management and memory management, allocates processor time to processes, and manages error handling. An elevation of privilege vulnerability has been reported in the Windows kernel. The...
CVE-2010-4576
browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript cod...
Null pointer dereference
browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript cod...
CVE-2010-4576
Removed by vendor...
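Microsoft IE 8 toStaticHTML() Function Unsafe HTML Filtering Vulnerability (MS10-071/MS10-072)
BUGTRAQ ID: 42467 CVE(CAN) ID: CVE-2010-3324 Internet Explorer is the web browser bundled by default with the Windows operating system. IE8 provides a filtering method named toStaticHTML on the window object. If an HTML string is passed to this function, all executable script constructs are removed before it is returned. For example, the toStaticHTML method can be used to ensure that HTML received from a postMessage call cannot execute script but can still take advantage of basic formatting: document.attachEvent('onmessage',function(e) { if (e.domain == 'weather.example.com')...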
Security a Concern as HTML5 Gains Traction
From animated logos to Web videos for hip, independent bands, HTML5 is getting buzz and gaining traction. But concerns about the security of features in the new version of the Web’s lingua franca persist. Every technology innovation has its coming out party, and Google Inc.’s recent “dancing ball...
Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass
source: https://www.securityfocus.com/bid/42467/info Internet Explorer 8 is prone to a security-bypass weakness. Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML. Attackers can bypass this protection, allowing script code to execute on the client,...
Microsoft Internet Explorer 8 - toStaticHTML() HTML Sanitization Bypass
Microsoft Internet Explorer 8 - toStaticHTML HTML Sanitization Bypass source: https://www.securityfocus.com/bid/42467/info Internet Explorer 8 is prone to a security-bypass weakness. Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML. Attackers can...
CVE-2010-1734
The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window...
CVE-2010-1735
The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window...