J-Security Center

Title: Microsoft Internet Explorer Cookie Disclosure/Modification Vulnerability

Severity: CRITICAL

Description:

Internet Explorer contains a vulnerability that could allow an attacker to construct a URL that would display or modify the cookie information associated with an arbitrary website.

If a URL using the about: protocol references a website, JavaScript embedded in the URL can access any cookies associated with that website via 'document.cookie'. The JavaScript executes because of a cross-site scripting condition related to the about: protocol in MSIE.

Exploitation requires that the victim has previously visited the target site and that its cookies have not expired. If a victim clicks on such a link or visits a maliciously constructed website, this can happen automatically, without the user's knowledge or consent. It may also be exploitable through HTML e-mail.

The following is an example of the type of URL required to exploit this issue:

about://www.target.com/<script language=javascript>alert(document.cookie);</script>

This example will cause the cookie values associated with 'www.target.com' to be displayed in an alert() popup window.

Beyond this example, cookies associated with any website can be manipulated by attacker-created JavaScript embedded in the URL. The JavaScript could be designed to modify the cookie values or send them to a remote server.

Successful exploitation of this vulnerability could lead to the disclosure of sensitive information such as session IDs, authentication information, etc. This could assist in further attacks against the user or the webservers that issued the cookies.
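
As an added example (not part of the original advisory), the following Python code shows how a mail or web content filter could flag HTML carrying URLs of the form shown above: an about: URL that names a website and embeds markup or a cookie reference. The attribute list, the function and class names, and the sample HTML are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Attributes whose value the browser loads or navigates to (assumed list).
URL_ATTRS = {"href", "src", "action", "data", "background"}
# about: scheme, optional "//", then the site the URL claims to belong to.
ABOUT_RE = re.compile(r"^[\s\x00-\x1f]*about:(?://)?([^/?#<>\s]*)(.*)$", re.I | re.S)
# An HTML tag opener or a cookie reference in the remainder of the URL.
MARKUP_RE = re.compile(r"<\s*[a-z/!]|document\s*\.\s*cookie", re.I)

def normalise(value, rounds=3):
    """Undo nested percent-encoding so %3Cscript and %253Cscript both surface."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

class AboutUrlScanner(HTMLParser):
    """Records about: URLs that name a site and embed markup or cookie access."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            m = ABOUT_RE.match(normalise(value))
            # about:blank has no markup; a bare about:<...> names no site.
            if m and m.group(1) and MARKUP_RE.search(m.group(2)):
                self.findings.append({"tag": tag, "attr": name, "site": m.group(1).lower()})

def scan(html_text):
    """Return one finding per suspicious about: URL in an HTML document."""
    scanner = AboutUrlScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.findings

# Constructed sample HTML body: one harmless link, then three suspect URLs.
SAMPLE = """
<a href="about:blank">blank</a>
<a href="about://www.target.com/<script language=javascript>alert(document.cookie);</script>">raw</a>
<iframe src="ABOUT://www.example.org/%3Cscript%3Edocument.cookie%3C/script%3E"></iframe>
<img src="about://shop.example.net/%253Cscript%253Ex%253C/script%253E">
"""
```

Calling scan(SAMPLE) returns three findings, one each for www.target.com, www.example.org and shop.example.net, and none for about:blank.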

Affected Products:

  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 5.5 SP1
  • Microsoft Internet Explorer 5.5 SP2
  • Microsoft Internet Explorer 6.0
  • Microsoft Windows ME
  • Microsoft Windows Server 2003 Datacenter Edition
  • Microsoft Windows Server 2003 Datacenter Edition Itanium
  • Microsoft Windows Server 2003 Enterprise Edition
  • Microsoft Windows Server 2003 Enterprise Edition Itanium
  • Microsoft Windows Server 2003 Standard Edition
  • Microsoft Windows Server 2003 Web Edition
  • Microsoft Windows XP Home
  • Microsoft Windows XP Professional
