Microsoft Internet Explorer ‘Forced Tweet’ Cross Domain

Rating: Medium

Affected OS: Windows XP (Service Pack 3, [++])

Description: A cross-domain privilege escalation vulnerability is present in some versions of Microsoft Internet Explorer.

Recommendation: SecurityOrb is not aware of a vendor-supplied patch/update at this time.

Observation: A cross-domain privilege escalation vulnerability is present in some versions of Microsoft Internet Explorer.

The flaw lies in Internet Explorer’s ability to load and render external web pages as a CSS file. Under certain circumstances, session IDs can be hijacked and used to force ‘tweets’ through Twitter.com, or to use other URL shortening services to distribute exploits.

Common Vulnerabilities & Exposures (CVE): CVE-2009-2433

IAVA Reference Number: IAVA-REF-NUMBER-NOMATCH
