Microsoft Internet Explorer 0-day SQL Injection Vulnerability

-->

  SecPod ID: 10221                                            Status: Public Report
  Microsoft Internet Explorer 8.0 Beta2 Anti-XSS              Severity: High
  Vulnerabilities                                             Release Date: 15-12-2008
                                                              CVSS Base Score: 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
                                                              CVSS Temporal Score  = 6.7
                                                              Impact Level:  Application

  Affected Software/OS/Device:
  - Windows Platform with Internet Explorer 8.0 Beta 2.

  OpenVAS Plugin ID: 
  Snort Signature ID:
  OVAL ID: 

  Vulnerability Insight:

  Overview:
  Internet Explorer Anti-XSS Filter is having multiple vulnerabilities.

  Description:
  This flaw is due to some multiple bugs in the Anti-XSS Filter which is available
  in the existing Microsoft Internet Explorer application.

  Impact:
  Successful exploitation will let the attacker execute arbitrary codes in the
  context of the application and can perform the XSS attacks to the remote hosts
  without any consent of IE.

  CVSS Score Report:
      ACCESS_VECTOR = NETWORK
      ACCESS_COMPLEXITY = LOW
      AUTHENTICATION = NOT_REQUIRED
      CONFIDENTIALITY_IMPACT = PARTIAL
      INTEGRITY_IMPACT = PARTIAL
      AVAILABILITY_IMPACT = PARTIAL
      EXPLOITABILITY = PROOF_OF_CONCEPT
      REMEDIATION_LEVEL = UNAVAILABLE
      REPORT_CONFIDENCE = CONFIRMED
      CVSS Base Score = 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
      CVSS Temporal Score = 6.7
      Risk factor = High

  Fix:
  Solution/Patch not available as on 15th December 2008.
  
  References: 
  http://www.securityfocus.com/archive/1/499124
Home Corporate Resources Report Security Bug Diary