Vulnerability Note VU#162097
Microsoft Internet Explorer does not adequately validate references to cached objects and methods
Microsoft Internet Explorer does not adequately validate references to cached objects and methods across domains and security zones. The impact is similar to that of a cross-site scripting vulnerability, allowing an attacker to access data in other sites, including the Local Computer zone.
As reported by GreyMagic Software and Liu Die Yu, Internet Explorer does not adequately validate references to certain cached objects and methods across different domains and security zones. A script from a potentially malicious site executing in one domain and security zone is able to access resources in another domain and zone, including the Local Computer zone, via the DHTML Document Object Model interface.
By convincing a user to follow a URL or read an HTML email message containing malicious script, an attacker could take any action with the privileges of the user executing the script. This could include opening new browser windows to different sites in different security zones, reading or modifying information in open browser windows, reading files on the local file system, and executing commands that are in a location known to the attacker. An attacker who is able to obtain cookies used for authentication may be able to impersonate a legitimate user and obtain sensitive data such as passwords or credit card information. By leveraging features of the Microsoft HTML Help system (VU#25249), an attacker could execute commands with parameters or cause arbitrary files to be downloaded to a known location on the local system, subject to the user's privileges.
Restrict the execution of the Shortcut and WinHelp HTML Help commands to specified folders, or disable the commands entirely. This will prevent malicious scripts from downloading arbitrary files and executing arbitrary commands with parameters via HTML Help. It will also limit the ability of HTML Help to open URLs and execute commands.
It may be possible to use an application layer filter to detect and block or disable script code within HTML data.
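The detection half of such a filter, as an added example that is not part of the original note: it parses HTML rather than pattern-matching for script tags, so it also reports event-handler attributes and script-scheme URLs, including entity-encoded ones. The names ScriptFinder and scan_html, the tag and attribute sets (illustrative, not exhaustive) and the sample messages are assumptions made for this example.

```python
from html.parser import HTMLParser

# Elements that carry or load active content (illustrative set, an assumption).
ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe", "frame"}
# Attributes whose value is a URL the browser may load or navigate to.
URL_ATTRS = {"href", "src", "action", "background", "data", "codebase"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")


class ScriptFinder(HTMLParser):
    """Collects (kind, tag, attribute) findings for script-bearing markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-element", tag, ""))
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):  # onload, onclick, ... (over-approximates)
                self.findings.append(("event-handler", tag, name))
            elif name in URL_ATTRS:
                # Drop whitespace/control characters that can hide the scheme.
                compact = "".join(c for c in value if c > " ").lower()
                if compact.startswith(SCRIPT_SCHEMES):
                    self.findings.append(("script-url", tag, name))


def scan_html(html_text):
    """Return the findings for one HTML body; an empty list means no script seen."""
    finder = ScriptFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample message bodies, not taken from any real traffic.
SAMPLES = {
    "plain": '<p>Report: <a href="https://example.com/q3">link</a></p>',
    "script_tag": "<p>hi</p><ScRiPt>var x = 1;</ScRiPt>",
    "handler": '<img src="logo.gif" onload="doSomething()">',
    "encoded_url": '<a href="&#106;ava\tscript:doSomething()">click</a>',
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, scan_html(body))
```

A filter built on this would block or strip any message for which scan_html returns findings.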
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Affected | 11 Dec 2002 | 18 Jun 2003 |
GreyMagic Software and Liu Die Yu publicly reported multiple instances of this vulnerability.
This document was written by Art Manion.
- CVE IDs: CAN-2002-1262
- Date Public: 22 Oct 2002
- Date First Published: 12 Dec 2002
- Date Last Updated: 26 May 2004
- Severity Metric: 34.78
- Document Revision: 62