WARNING! Fake news / Disputed / BOGUS

Internet Explorer Zone Domain Specification Dos and Page suppressing.

2007.07.05
Credit: Aditya K Sood
Risk: Medium
Local: Yes
Remote: Yes
CWE: CWE-94


CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Advisory : Internet Explorer Zone Domain Specification Dos and Page Suppressing Severity : Intermediate Version : IE 6.0 - 7.0 Dated : 18 June 2007 Explanation: The vulnerability is present in handling of domain names with different parameters [ sub domains] when specified in the Intranet zone and Restricted zone with different characters [* ,.]. TheInternet Explorer show weird behavior in opening of those websites. The problem occurs in loading of those websites there by resulting in DoS through the browser. The problem occurs in resolving domain names in different zones by the explorer. It can be launched remotely by a malicious attacker by exploiting this vulnerable behavior through a rogue script and registry functions. The problem persists if rogue entries or manipulated entries are subjected into various zones. So when a new instance of IE is loaded , the registry entries are triggered up there by resulting in security impacts. The website page gets suppressed. The page gets hanged for sometime , there by showing a delay in loading of website and affects the CPU load. Vendor Status : Reported To Microsoft Security Center. Solution By Microsoft Security Center: 1. Avoid visiting untrusted Websites. 2. Script Restriction should be applied. ----- Aditya K Sood http://www.secniche.org


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top