Microsoft Internet Explorer 6 / 7 / 8 Race Condition

Posted Aug 10, 2011
Authored by Lostmon | Site lostmon.blogspot.com

Microsoft Internet Explorer versions 6, 7, and 8 suffer from a Window.open race condition vulnerability.

tags | advisory
advisories | CVE-2011-1257
MD5 | 0753ae5608af60b98c575cd58f546c6e

#############################################
Internet Explorer 6, 7 and 8 Window.open race condition Vulnerability
Vendor URL: http://www.microsoft.com
Advisory: http://lostmon.blogspot.com/2011/08/internet-explorer-6-7-and-8-windowopen.html
Coordinated Disclosure: YES
Exploit available: Private
CVE-2011-1257 and MS11-057
#############################################

Microsoft Internet Explorer 6, 7 and 8 are vulnerable to
remote code execution due to a race condition in the window.open
JavaScript method.

A remote attacker can compose a web page with malicious code,
and when a victim visits this malformed web document, the attacker
can exploit this situation.


######################
Solution
######################

Microsoft has issued a security bulletin with technical details about
this issue, identified as MS11-057.

You can find more details at this link:
http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx

Microsoft has also issued a patch that resolves this vulnerability;
see http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx
to update your system.

############
Timeline
############

Discovered : January 13, 2011
Vendor Notify: January 19, 2011
Vendor Response: January 19, 2011
Vendor Patch: August 9, 2011
Public Disclosure: August 9, 2011

################# €nd #########################

Thanks to Michal Zalewski for his extraordinary mind
and knowledge; people like him should have a virtual
statue for the rest of time.

Thanks to Jack, Gerardo, Nate and all of MSRC
for their support on this issue.

Thanks to Microsoft Vulnerability Research (MSVR)
for their interest in this issue and for coordinating
disclosure in other affected browsers.

Thanks to all who believe in me, including you, Estrella :**

Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what makes the mind move....
