Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Cross-Site-Scripting Vulnerability in Microsoft.com
From: "Rafel Ivgi, The-Insider" <rivgi () finjan com>
Date: Mon, 4 Oct 2004 18:36:46 +0200

Cross Site Scripting In Microsoft.com

It is possible to inject code that executes arbitrary scripts when a user
clicks on a link
within Microsoft's update site page. A proof of concept can be found below.

Technical Details
On November 1st, 2004 malware published a proof of concept which
a Cross-Site-Scripting attack in microsoft.com update website. The code he
was taken from Dror Shalev's "Safe Center"
The original XSS hole was found by "Bitlance Winter". The reported bug was
fixed a few days ago.
However, our testings have shown that the hole was not fully patched.

In contrast to the former problem, which enabled an attacker to inject HTML
into web pages, this vulnerability allows an attacker to inject malicious
text strings
into the vulnerable page. These strings are injected into HTML tags,
therefore arbitrary
scripts will be executed when a user clicks on the vulnerable link.

The Code (Proof Of Concept)
To activate these attacks, please click on the link named "security update"
under the
title "Internet Explorer 6.0" in the Windows update site.

* <a
  Microsoft Cross Site scripting - Download the patch - DEMO 1

* <a
  Microsoft Cross Site scripting - Download the patch - DEMO 2

Rafel Ivgi, The-Insider
Security Consultant
Malicious Code Research Center (MCRC)
Finjan Software LTD
E-mail: rivgi () Finjan com
Prevention is the best cure!

This message was scanned for malicious content and viruses by Finjan Internet Vital Security 1Box(tm)

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]