HATTIFNATTOR
03.04.2008, 10:55
Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability
http://www.securityfocus.com/bid/28581/discuss
Microsoft Internet Explorer is prone to a script-injection vulnerability when handling specially crafted requests to 'acr_error.htm' via the 'res://' protocol. The file resides in the 'ieframe.dll' dynamic-link library.
An attacker may leverage this issue to execute arbitrary code in the context of a user's browser. Successful exploits can allow the attacker to steal cookie-based authentication credentials, obtain potentially sensitive information stored on the victim's computer, and launch other attacks.
Internet Explorer 8 is vulnerable. Internet Explorer 7 is likely vulnerable as well, but this has not been confirmed.
Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service Vulnerability
http://www.securityfocus.com/bid/28580/discuss
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.
An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.
Successfully exploiting this issue will allow attackers to crash the application, denying service to legitimate users.
This issue affects Microsoft Internet Explorer 8 Beta 1.
http://www.securityfocus.com/bid/28581/discuss
Microsoft Internet Explorer is prone to a script-injection vulnerability when handling specially crafted requests to 'acr_error.htm' via the 'res://' protocol. The file resides in the 'ieframe.dll' dynamic-link library.
An attacker may leverage this issue to execute arbitrary code in the context of a user's browser. Successful exploits can allow the attacker to steal cookie-based authentication credentials, obtain potentially sensitive information stored on the victim's computer, and launch other attacks.
Internet Explorer 8 is vulnerable. Internet Explorer 7 is likely vulnerable as well, but this has not been confirmed.
Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service Vulnerability
http://www.securityfocus.com/bid/28580/discuss
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.
An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.
Successfully exploiting this issue will allow attackers to crash the application, denying service to legitimate users.
This issue affects Microsoft Internet Explorer 8 Beta 1.