The host is installed with Internet Explorer and is prone to cookie hijacking vulnerability. This NVT has been replaced by NVT secpod_ms11-057.nasl (OID:1.3.6.1.4.1.25623.1.0.902613).

Successful exploitation will allow remote attackers to read cookie files of the victim and impersonate users requests. Impact Level:System/ Application

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms11-057.mspx

The flaw exists due to the application which does not properly restrict cross-zone drag-and-drop actions, allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL.

Internet Explorer Version 9.0 and prior.

• http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/

---

Updated on 2017-03-28