Summary
The host is installed with Internet Explorer and is prone to anti-xss filter vulnerabilities.
Impact
Successful exploitation will let the attacker execute arbitrary codes in the context of the application and can perform the XSS attacks on the remote hosts without any consent of IE.
Impact Level: Application/Network
Solution
Solution/Patch not available as on 16th December 2008. For further updates refer, http://www.microsoft.com/windows/downloads/ie/getitnow.mspx
Insight
These flaws are due to,
- Injections facilitated by some HTTP headers are not currently blocked.
- Injections into some contexts are not blocked where contents can be injected directly into JavaScript without breaking out a string.
- Allowing access to the attacker to inject XSS string in 2 different HTML positions.
- It lets the attacker execute XSS attacks using CRLF sequence in conjunction with a crafted Content-Type header.
Affected
Windows Platform with Internet Explorer 8.0 Beta 2
References
Severity
Classification
-
CVE CVE-2008-5551, CVE-2008-5552, CVE-2008-5553, CVE-2008-5554, CVE-2008-5555, CVE-2008-5556 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- PuTTY SSH2 authentication password persistence weakness
- Microsoft Internet Explorer Anti-XSS Filter Vulnerabilities
- Microsoft RDP Server Private Key Information Disclosure Vulnerability
- MS IE Information Disclosure and Web Site Spoofing Vulnerabilities
- Microsoft Windows TLS/SSL Spoofing Vulnerability (977377)