Vulnerability Note VU#207264
Microsoft Internet Explorer does not properly handle function redirection
Microsoft Internet Explorer (IE) fails to properly validate redirected functions. The impact is similar to that of a cross-site scripting vulnerability, which allows an attacker to access data in other sites, including the Local Machine Zone.
IE is vulnerable to a cross-domain violation that involves redirected or cached functions. Rather than calling a script function directly, it is possible for one object to cache a reference to a function that resides in a different object, such as an IFRAME or a popup window. When the domain of the parent object (containing the cached reference) changes, IE incorrectly determines the source of the function based on the new domain of the cached reference. The function, contained in the object in the original domain, is executed in the context of the parent object (containing the cached reference), in the new domain. Because the object that invokes the script may be in a different domain than the object in which the script executes, the cross-domain security model is violated.
By convincing a user to follow a URL or read an HTML email message containing malicious script, an attacker could take any action with the privileges of the user executing the script. This could include opening new browser windows to different sites in different security zones, reading or modifying information in open browser windows, reading files on the local file system, and executing commands that are in a location known to the attacker. By leveraging capabilities provided by technologies such as ActiveX controls and the HTML Help system, an attacker could execute arbitrary code.
Apply a patch
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||19 Oct 2004|
CVSS Metrics (Learn More)
This vulnerability was reported by Paul from GreyHats Security Group
This document was written by Will Dormann and Art Manion.
- CVE IDs: CVE-2004-0727
- Date Public: 11 Jul 2004
- Date First Published: 19 Oct 2004
- Date Last Updated: 29 Aug 2007
- Severity Metric: 59.06
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.