Microsoft Internet Explorer "XMLHTTP" HTTP Request Injection
Secunia Advisory: SA16942 Print Advisory
Release Date: 2005-09-26
Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data
Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6.x
Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.
Description:
Amit Klein has discovered a vulnerability in Microsoft Internet
Explorer, which can be exploited by malicious people to manipulate
certain data and conduct HTTP request smuggling attacks.
Input passed to the method parameter in the "open()" function in the
"Microsoft.XMLHTTP" ActiveX control isn't properly sanitised before
being used in a HTTP request. This can be exploited to inject arbitrary
HTTP requests via specially crafted input containing tab and newline
characters (spaces are not allowed).
Successful exploitation requires that the HTTP request is sent to a
server or via a proxy allowing tab characters instead of spaces in
certain parts of the HTTP request.
This is similar to vulnerability #3 in:
SA16911
The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may
also be affected.
Solution:
Set security level to "High".
Provided and/or discovered by:
Amit Klein
Other References:
SA16911:
http://secunia.com/advisories/16911/
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
