Vendor: Internet Explorer
By: Marek Blahus
CVSS: 7.5 (HIGH)
HTML Injection
CWE: 79
Product Name: Internet Explorer
Affected Version From: Internet Explorer 5.0
Affected Version To: Internet Explorer 6.0
Patch Exists: YES
Related CWE: N/A
CPE: a:microsoft:internet_explorer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002
HTML Injection Vulnerability in Microsoft Internet Explorer
An issue has been reported for Microsoft Internet Explorer that may result in HTML injection attacks. The vulnerability exists when IE is used to display custom HTTP error messages, also known as 'Friendly HTTP error messages'. Because of errors in how URLs are extracted from the custom error pages, it is possible to cause IE to output malicious HTML code. Exploitation may allow theft of cookie-based authentication credentials or other attacks.
Mitigation:
Disable the display of friendly HTTP error messages in Internet Explorer.