It seems like microsoft is having a bad year end to 2008 as the host of security vulnerabilities being published not only in its products but also on their website. The following is one more to the pile of security issues faced by the company these days. Although it is a simple url redirect but the purpose it can be used and is being used is really dangerous mainly because of the domain name itself.
The Url redirection bug would basically redirect users clicking on the unsuspected URL as it has the familiar microsoft dot com domain name. For those of us using NOSCRIPT with firefox normally allow microsoft as the trusted source as it hinders with the browsing of the web contents on thier website.
Proof Of Concept
http://www.microsoft.com/ie/ie40/download/?//certstation.com
Let us see how quick Microsoft fixes this vulnerability.
Update: The vulnerability has been patched my Microsoft, the reacted faster then I expected way to go.
Tuesday, December 23, 2008
Subscribe to:
Comments (Atom)

 
 
