Vigil@nce: IE 6, Cross Site Scripting via location
June 2008 by Vigil@nce
SYNTHESIS
An attacker can create an HTML document in order to generate a
Cross Site Scripting in Internet Explorer 6.
Gravity: 2/4
Consequences: client access/rights
Provenance: document
Means of attack: 1 proof of concept
Ability of attacker: specialist (3/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 27/06/2008
Identifier: VIGILANCE-VUL-7917
IMPACTED PRODUCTS
– Microsoft Internet Explorer [confidential versions]
DESCRIPTION
The "location" property of a window indicates its url.
However, when a window is loaded, if the "location" property is
changed to a JavaScript string, this script is run in the context
of the website.
An attacker can therefore create a Cross Site Scripting in
Internet Explorer.
CHARACTERISTICS
Identifiers: BID-29960, VIGILANCE-VUL-7917, VU#923508