Internet Explorer 6, 7 and 8 Window.open race condition Vulnerability Vendor URL: http://www.microsoft.com Advisore: http://lostmon.blogspot.com/2011/08/internet-explorer-6-7-and-8-windowopen.html Coordinate Dislcosure: YES exploit available: Private CVE-2011-1257 and MS011-57
A Remote attacker can compose a web page with malicious code and wen a victim visit this malformed web doc, attacker can exploit this situation.
Microsoft has issue a bulletin class with tecnical detalis about this issue with this identifier [MS011-57]
you can found more detailed at this link: http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx
Also microsoft has issue a patch to solve this vulnerability see http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx for update your system.
Discovered : January 13, 2011 Vendor Notify: January 19, 2011 Vendor Response: January 19, 2011 Vendor Patch: August 9, 2011 Public Disclosure: August 9, 2011
Thnx to Michal Zalewski for his extraordinary mind and knowledge, people like him should have a virtual statue for the rest of the times
Thnx To Jack, Gerardo, Nate and all MSRC for his support in this issue.
Thnx To Microsoft Vulnerability Research (MSVR) for interesting in this issue and for coordinate Disclosure in other browsers afected.
Thnx to All who Belive in Me include you Estrella :**
atentamente: Lostmon (email@example.com) Web-Blog: http://lostmon.blogspot.com/ Google group: http://groups.google.com/group/lostmon (new) -- La curiosidad es lo que hace mover la mente....