Vulnerable cached objects in IE (9 advisories in 1)
by Nikola Strahija on October 23rd, 2002
All nine vulnerabilities are of the same general class (object caching). However, each of them is a separate vulnerability, which uses a unique method for exploitation.
Affected applications:
======================
Microsoft Internet Explorer 5.5 and 6.0; prior versions and IE6 SP1 are not
vulnerable.
Note that any other application that uses Internet Explorer's engine
(WebBrowser control) is affected as well (AOL Browser, MSN Explorer, etc.).
Introduction:
=============
When communicating between windows, security checks ensure that both pages
are in the same security zone and on the same domain. These crucial security
checks wrongly assume that certain methods and objects are only going to be
called through their respective window. This assumption enables some cached
methods and objects to provide interoperability between otherwise separated
documents.
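A simplified model of the flaw described above, added here as an illustration; it is not code from the advisory or from Internet Explorer. The Frame class, the two broker functions and the a.example/b.example origins are assumptions made up for this sketch, which contrasts a check done only when a method is fetched with one repeated when the cached reference is called.

```javascript
// Simplified model (constructed for illustration; not Internet Explorer's code).
// A "frame" hosts a document with an origin; navigate() unloads the old document.
class Frame {
  constructor(origin) { this.load(origin); }
  load(origin) { this.doc = { origin, secret: `data for ${origin}` }; }
  navigate(origin) { this.load(origin); }
}

// Flawed broker: the origin check runs once, when the method is fetched.
// The returned function closes over the frame, so a cached copy keeps
// working against whatever document the frame holds later.
function getReaderCheckedAtLookup(callerOrigin, frame) {
  if (callerOrigin !== frame.doc.origin) throw new Error("access denied");
  return () => frame.doc.secret;
}

// Hardened broker: the reference is bound to the document it was issued for
// and the origin check is repeated on every call, so it stops working once
// that document unloads.
function getReaderCheckedAtCall(callerOrigin, frame) {
  if (callerOrigin !== frame.doc.origin) throw new Error("access denied");
  const issuedFor = frame.doc;
  return () => {
    if (frame.doc !== issuedFor || callerOrigin !== frame.doc.origin) {
      throw new Error("access denied");
    }
    return frame.doc.secret;
  };
}

// Runs the same sequence against either broker and reports the outcome.
function demo(getReader) {
  const caller = "http://a.example";        // constructed sample origin
  const frame = new Frame(caller);          // same origin: lookup is allowed
  const cached = getReader(caller, frame);  // caller caches the reference
  frame.navigate("http://b.example");       // frame now holds another origin
  try { return cached(); } catch (e) { return e.message; }
}

console.log("check at lookup:", demo(getReaderCheckedAtLookup));
console.log("check at call:  ", demo(getReaderCheckedAtCall));
```

Both brokers refuse a lookup that is cross-origin from the start; only the second one also refuses the stale reference after navigation.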
Many security issues arise from storing references to objects that are
supposed to be inaccessible once the page unloads. PivX recently disclosed
such an issue in the