Microsoft Internet Explorer does not adequately validate references to cached objects and methods across domains and security zones. The impact is similar to that of a cross-site scripting vulnerability, allowing an attacker to access data in other sites, including the Local Computer zone.
As reported by GreyMagic Software and Liu Die Yu, Internet Explorer does not adequately validate references to certain cached objects and methods across different domains and security zones. A script from a potentially malicious site executing in one domain and security zone is able to access resources in another domain and zone, including the Local Computer zone, via the DHTML Document Object Model interface.
By convincing a user to follow a URL or read an HTML email message containing malicious script, and attacker could take any action with the privileges of the user executing the script. This could include opening new browser windows to different sites in different security zones, reading or modifying information in open browser windows, reading files on the local file system, and executing commands that are in a location known to the attacker. An attacker who is able to obtain cookies used for authentication may be able to impersonate a legitimate user and obtain sensitive data such as passwords or credit card information. By leveraging features of the Microsoft HTML Help system (VU#25249), an attacker could execute commands with parameters or cause arbitrary files to be downloaded to a known location on the local system, subject to the user's privileges.
GreyMagic Software and Liu Die Yu publicly reported multiple instances of this vulnerability.
This document was written by Art Manion.
|Date First Published:||2002-12-12|
|Date Last Updated:||2004-05-26 06:25 UTC|