Test ID: 1.3.6.1.4.1.25623.1.0.800103
Category: Windows : Microsoft Bulletins
Title: Cumulative Security Update for Internet Explorer (950759)
Summary: This host has Microsoft Internet Explorer installed, which is prone to HTTP request splitting/smuggling and HTML Objects Memory Corruption Vulnerabilities.
Description:
Summary:
This host has Microsoft Internet Explorer installed, which is
prone to HTTP request splitting/smuggling and HTML Objects Memory Corruption Vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- a memory corruption error while processing a Web page that contains certain
unexpected method calls to HTML objects.

- failure of setRequestHeader method of the XMLHttpRequest object to block
dangerous HTTP request headers when certain 8-bit character sequences are
appended to a header name.

Vulnerability Impact:
Successful exploitation allows remote attackers to execute arbitrary
code by tricking a user into visiting a specially crafted web page, and to read
data from a Web page in another domain in Internet Explorer. Attackers can
use the above issues to poison web caches, steal credentials, and launch cross-site
scripting, HTML-injection, and session-hijacking attacks.

Affected Software/OS:
- Microsoft Internet Explorer 5.01 & 6 SP1 for Microsoft Windows 2000

- Microsoft Internet Explorer 6 for Microsoft Windows 2003 and XP

- Microsoft Internet Explorer 7 for Microsoft Windows 2003 and XP

- Microsoft Internet Explorer 7 for Microsoft Windows 2008 and Vista

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 28379
BugTraq ID: 29556
Common Vulnerability Exposure (CVE) ID: CVE-2008-1442
http://www.securityfocus.com/bid/29556
Bugtraq: 20080610 ZDI-08-039: Microsoft Internet Explorer DOM Ojbect substringData() Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/493253/100/0/threaded
Cert/CC Advisory: TA08-162B
http://www.us-cert.gov/cas/techalerts/TA08-162B.html
HPdes Security Advisory: HPSBST02344
http://marc.info/?l=bugtraq&m=121380194923597&w=2
HPdes Security Advisory: SSRT080087
http://www.zerodayinitiative.com/advisories/ZDI-08-039/
Microsoft Security Bulletin: MS08-031
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5720
http://securitytracker.com/id?1020225
http://secunia.com/advisories/30575
http://securityreason.com/securityalert/3934
http://www.vupen.com/english/advisories/2008/1778
Common Vulnerability Exposure (CVE) ID: CVE-2008-1544
http://www.securityfocus.com/bid/28379
Bugtraq: 20080321 [MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling. (Google Search)
http://www.securityfocus.com/archive/1/489954/100/0/threaded
http://www.mindedsecurity.com/MSA02240108.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5291
http://www.securitytracker.com/id?1020226
http://secunia.com/advisories/29453
http://securityreason.com/securityalert/3785
http://www.vupen.com/english/advisories/2008/0980
Copyright: Copyright (C) 2008 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.