exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Microsoft Internet Explorer 6 / 7 / 8 Race Condition

Microsoft Internet Explorer 6 / 7 / 8 Race Condition
Posted Aug 10, 2011
Authored by Lostmon | Site lostmon.blogspot.com

Microsoft Internet Explorer versions 6, 7, and 8 suffer from a Window.open race condition vulnerability.

tags | advisory
advisories | CVE-2011-1257
SHA-256 | 4a638b92f5cbb38832c9ca337ac3cff9c4fd9a6386d31dbd499bae976e2eb117

Microsoft Internet Explorer 6 / 7 / 8 Race Condition

Change Mirror Download
#############################################
Internet Explorer 6, 7 and 8 Window.open race condition Vulnerability
Vendor URL: http://www.microsoft.com
Advisore: http://lostmon.blogspot.com/2011/08/internet-explorer-6-7-and-8-windowopen.html
Coordinate Dislcosure: YES exploit available: Private
CVE-2011-1257 and MS011-57
#############################################

Microsoft Internet Explorer 6, 7 and 8 is prone vulnerable to a
Remote code execution due a race condition in window.open
javascript metod

A Remote attacker can compose a web page with malicious code
and wen a victim visit this malformed web doc, attacker can
exploit this situation.


######################
Solution
######################

Microsoft has issue a bulletin class with tecnical detalis about this issue
with this identifier [MS011-57]

you can found more detailed at this link:
http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx

Also microsoft has issue a patch to solve this vulnerability
see http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx
for update your system.

############
Timeline
############

Discovered : January 13, 2011
Vendor Notify: January 19, 2011
Vendor Response: January 19, 2011
Vendor Patch: August 9, 2011
Public Disclosure: August 9, 2011

################# €nd #########################

Thnx to Michal Zalewski for his extraordinary mind
and knowledge, people like him should have a virtual
statue for the rest of the times

Thnx To Jack, Gerardo, Nate and all MSRC
for his support in this issue.

Thnx To Microsoft Vulnerability Research (MSVR)
for interesting in this issue and for coordinate
Disclosure in other browsers afected.

Thnx to All who Belive in Me include you Estrella :**

atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close