
Window location property cross-domain scripting (CVE-2008-2947)

Description

A vulnerability in the handling of the window "location" property in Internet Explorer allows the browser's same-origin policy to be broken.

This is a cross-domain scripting vulnerability. It can allow a malicious web site to access your data on other web sites. For example, it can be used to read your mail from a web mail system. According to Microsoft:
"This is a remote code execution vulnerability for Internet Explorer 5.01 Service Pack 4 or Internet Explorer 6 Service Pack 1 running on Microsoft Windows 2000 Service Pack 4. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This is an information disclosure vulnerability for Internet Explorer 6 or Internet Explorer 7 running on supported versions and editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. An attacker who successfully exploited this vulnerability could read cookies or other data from another Internet Explorer domain. However, user interaction is required to exploit this vulnerability."

Recommendations

If you are using Microsoft Windows, we recommend using Windows Update to correct this problem. See also Microsoft Security Bulletin MS08-058 for information about the patch for this problem.
