exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Microsoft Internet Explorer 6 / 7 / 8 Race Condition

Microsoft Internet Explorer 6 / 7 / 8 Race Condition
Posted Aug 10, 2011
Authored by Lostmon | Site lostmon.blogspot.com

Microsoft Internet Explorer versions 6, 7, and 8 suffer from a Window.open race condition vulnerability.

tags | advisory
advisories | CVE-2011-1257
SHA-256 | 4a638b92f5cbb38832c9ca337ac3cff9c4fd9a6386d31dbd499bae976e2eb117

Microsoft Internet Explorer 6 / 7 / 8 Race Condition

Change Mirror Download
#############################################
Internet Explorer 6, 7 and 8 Window.open race condition Vulnerability
Vendor URL: http://www.microsoft.com
Advisore: http://lostmon.blogspot.com/2011/08/internet-explorer-6-7-and-8-windowopen.html
Coordinate Dislcosure: YES exploit available: Private
CVE-2011-1257 and MS011-57
#############################################

Microsoft Internet Explorer 6, 7 and 8 is prone vulnerable to a
Remote code execution due a race condition in window.open
javascript metod

A Remote attacker can compose a web page with malicious code
and wen a victim visit this malformed web doc, attacker can
exploit this situation.


######################
Solution
######################

Microsoft has issue a bulletin class with tecnical detalis about this issue
with this identifier [MS011-57]

you can found more detailed at this link:
http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx

Also microsoft has issue a patch to solve this vulnerability
see http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx
for update your system.

############
Timeline
############

Discovered : January 13, 2011
Vendor Notify: January 19, 2011
Vendor Response: January 19, 2011
Vendor Patch: August 9, 2011
Public Disclosure: August 9, 2011

################# €nd #########################

Thnx to Michal Zalewski for his extraordinary mind
and knowledge, people like him should have a virtual
statue for the rest of the times

Thnx To Jack, Gerardo, Nate and all MSRC
for his support in this issue.

Thnx To Microsoft Vulnerability Research (MSVR)
for interesting in this issue and for coordinate
Disclosure in other browsers afected.

Thnx to All who Belive in Me include you Estrella :**

atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close