Summary
The host is installed with Internet Explorer and is prone to cookie hijacking vulnerability.
Impact
Successful exploitation will allow remote attackers to read cookie files of the victim and impersonate users requests.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
The flaw exists due to the application which does not properly restrict cross-zone drag-and-drop actions, allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL.
Affected
Internet Explorer Version 8 and prior and Version 9 Beta.
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2011-2382 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Brother HL-5370DW Printer 'post/panel.html' Security Bypass Vulnerability
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Mac OS X)
- Apache Error Log Escape Sequence Injection