Title: Microsoft Internet Explorer JavaScript Method Assignment Cross-Domain Scripting Vulnerability
Severity: HIGH
Description:
A vulnerability exists in Microsoft Internet Explorer that may allow cross-domain scripting.
The vulnerability is reportedly caused by a failure to properly validate trust relationships between method calls made in separate Internet Explorer windows.
An object security check may be circumvented because of a malfunction that occurs when Internet Explorer attempts to determine whether a method is safe based on the trust relationship with the object in which the method resides. This issue is reportedly related to how the browser validates navigation methods with similar function names.
As a result, any function may bypass the browser security checks that enforce the Same Origin Policy and govern cross-domain script access. This may make it possible for script code to access properties of a foreign domain.
This issue could be exploited by a malicious Web page to access properties of an arbitrary attacker-specified domain. For example, an attacker could exploit this to steal cookies from an arbitrary domain. More sophisticated attacks are also possible, including exploiting this issue in combination with other security flaws.
This issue will also permit execution of script in the Local Zone, allowing for execution of malicious code in the context of the client user.
Affected Products:
- Avaya DefinityOne Media Servers
- Avaya IP600 Media Servers
- Avaya Modular Messaging (MSS) 1.1.0
- Avaya Modular Messaging (MSS) 2.0.0
- Avaya S3400 Message Application Server
- Avaya S8100 Media Servers
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.0.1 SP4
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Internet Explorer 5.5 SP2
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
- Microsoft Windows 2000 Server
- Microsoft Windows ME
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
References:
- GreyHats Security Group: GreyHats Security Group Homepage
- Microsoft: Microsoft Security Bulletin MS04-038