📄 Chromodo Browser 45.8.12.391 Same Origin Policy Weakness

This proof of concept demonstrates message passing between two browser windows when opened under the same logical context same origin. It affect Chromodo Browser version 45.8.12.391...

Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass

Impact A Cross-Site Request Forgery CSRF vulnerability was identified in Apollo’s Embedded Sandbox and Embedded Explorer. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the...

Design/Logic Flaw

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted applicati...

PT-2012-2357 · Microsoft · Windows Xp +6

Name of the Vulnerable Software and Affected Versions: win32k.sys in Microsoft Windows versions prior to the fixed version Description: The issue arises from the improper handling of window messaging by the win32k.sys kernel-mode driver, allowing local users to gain privileges via a crafted...

Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (1)

// source: https://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely affects almost every Win32 window-based application. Attackers with loca...