30th Sep 03, 03:14 AM
Alpine
Dear Customer,

The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 2
Low Risk Vulnerabilities 0


Medium Risk Vulnerabilities

Microsoft Internet Explorer file:javascript: Cross Domain Scripting Vulnerability (ldy20030910-01)

Description

This bug allows a web site to read the contents of any file on your computer. The web site has to know the exact path and name of the file. A malicious website may also be able to exploit this vulnerability to delete mail from your webmail account or to spoof trusted websites.

Technical Details

It is possible to inject JavaScript code into the Search bar and Media bar in Internet Explorer using a "file:javascript:.." URL. The code will be executed in the domain context of the document that was loaded in the bar.

A malicious web site can first open a document from any domain in the Search bar and then execute JavaScript code getting access to the document.

There is a technique that allows injecting JavaScript code into Local Computer zone using this vulnerability. This allows a malicious web site to get access to local files and even execute arbitrary code. See "Additional Information" for details.