Internet explorer pwned Avant Browser
Page 1 of 1
Internet explorer pwned Avant Browser
###########################################
Internet explorer pwned Avant Browser via
history Persistent XSS vulnerabilities
vendor url: http://www.avantbrowser.com/
vendor notify: NO exploit available: yes
############################################
#############
description
#############
Avant Browser´s user-friendly interface brings a new level
of clarity and efficiency to your browsing experience,and
frequent upgrades have steadily improved its reliability.
Avant Browser is freeware That's right. 100% Free!.
A recently vulnerability in Avant browser discovered by me
Can be exploit via history on ie8
###############
version tested
###############
Internet Explorer 8 (in xp home)
Avant Browser 11.7 build 35
#########
solution:
##########
Update to version 11.7 build 36
it is reported and tested that isn´t
vulnerable.
#############
timeline:
#############
discovered: 23-07-2009
disclosure: 03-08-2009
##################
testing
##################
See this related vulnerability in avant browser.Now go
to exploit it across explorer , we know that the column
history is afected by a script insercion in browser:home
dinamicaly content.
If a user open explorer and try to navigate to a malicious
site like :
http://usuarios.lycos.es/reyfuss/id.php?id="><h1>Test html injection</h1>
For example if we Browse this url with avant browser =>
http://usuarios.lycos.es/reyfuss/id.php?id="><iframe src='http://www.google.com'></iframe>
The iframe does not executed correctly in history, but ,
close avant, browse the url with IE8 and them , open
avant browser ...the iframe now is executed correctly
Those url are saved in the explorer history, here is the
vulnerability, because Avant browser use IE8 web history
to show his own history in the browser:home history column,
them open avant browser and the html is executed in the history
colum and in most visited sites.
I don´t know if with the anty-xss filter in IE8 can protect
from a script attack but at this moment we can think that this
issue can have a html injection condition and a attacker can insert
a iframe...And this is other vector to attack Avant browser.
################ End #####################
Internet explorer pwned Avant Browser via
history Persistent XSS vulnerabilities
vendor url: http://www.avantbrowser.com/
vendor notify: NO exploit available: yes
############################################
#############
description
#############
Avant Browser´s user-friendly interface brings a new level
of clarity and efficiency to your browsing experience,and
frequent upgrades have steadily improved its reliability.
Avant Browser is freeware That's right. 100% Free!.
A recently vulnerability in Avant browser discovered by me
Can be exploit via history on ie8
###############
version tested
###############
Internet Explorer 8 (in xp home)
Avant Browser 11.7 build 35
#########
solution:
##########
Update to version 11.7 build 36
it is reported and tested that isn´t
vulnerable.
#############
timeline:
#############
discovered: 23-07-2009
disclosure: 03-08-2009
##################
testing
##################
See this related vulnerability in avant browser.Now go
to exploit it across explorer , we know that the column
history is afected by a script insercion in browser:home
dinamicaly content.
If a user open explorer and try to navigate to a malicious
site like :
http://usuarios.lycos.es/reyfuss/id.php?id="><h1>Test html injection</h1>
For example if we Browse this url with avant browser =>
http://usuarios.lycos.es/reyfuss/id.php?id="><iframe src='http://www.google.com'></iframe>
The iframe does not executed correctly in history, but ,
close avant, browse the url with IE8 and them , open
avant browser ...the iframe now is executed correctly
Those url are saved in the explorer history, here is the
vulnerability, because Avant browser use IE8 web history
to show his own history in the browser:home history column,
them open avant browser and the html is executed in the history
colum and in most visited sites.
I don´t know if with the anty-xss filter in IE8 can protect
from a script attack but at this moment we can think that this
issue can have a html injection condition and a attacker can insert
a iframe...And this is other vector to attack Avant browser.
################ End #####################
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics
» Avant Browser browser:home Persistent XSS vulnerabilities
» Internet Explorer considered harmful
» Windows XP Internet Explorer 8,7 .HLP vulnerability
» Abusing Internet Explorer 8's XSS Filters
» 0day Internet Explorer Exploit Released
» Internet Explorer considered harmful
» Windows XP Internet Explorer 8,7 .HLP vulnerability
» Abusing Internet Explorer 8's XSS Filters
» 0day Internet Explorer Exploit Released
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|