Microsoft Internet Explorer versions 7 and 8 suffer from an url validation vulnerability.
5691209f6297d7c41dfedc1fd1bc337896dda52d19cb5fb673984e723b44156aZero Day Initiative Advisory 10-016 - This vulnerability allows remote attackers to force a Microsoft Windows system to execute a given local executable. User interaction is required in that the target must access a malicious URL. The specific flaw exists within the ShellExecute API. Using a specially formatted URL an attacker can bypass sanitization checks within this function and force the calling application into running an executable of their choice. Successful exploitation requires a useful binary to exist in a predictable location on the remote system.
cbead906d997ee76877af1d55e446626a519eb77a9753cd8dd8b5595996a9469
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed