CVE-2011-2383

by Fred · 03/06/2011

Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.

Date published : 2011-06-03

http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388

http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt

CVE-2011-2383

Similar

Recent Posts

Categories

CVE-2011-2383

Share this:

Similar

Recent Posts

Categories

Tags