---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Microsoft Internet Explorer "XMLHTTP" HTTP Request Injection SECUNIA ADVISORY ID: SA16942 VERIFY ADVISORY: http://secunia.com/advisories/16942/ CRITICAL: Moderately critical IMPACT: Security Bypass, Manipulation of data, Exposure of sensitive information WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 6.x http://secunia.com/product/11/ DESCRIPTION: Amit Klein has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to manipulate certain data and conduct HTTP request smuggling attacks. Input passed to the method parameter in the "open()" function in the "Microsoft.XMLHTTP" ActiveX control isn't properly sanitised before being used in a HTTP request. This can be exploited to inject arbitrary HTTP requests via specially crafted input containing tab and newline characters (spaces are not allowed). Successful exploitation requires that the HTTP request is sent to a server or via a proxy allowing tab characters instead of spaces in certain parts of the HTTP request. This is similar to vulnerability #3 in: SA16911 The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected. SOLUTION: Set security level to "High". PROVIDED AND/OR DISCOVERED BY: Amit Klein OTHER REFERENCES: SA16911: http://secunia.com/advisories/16911/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------