Archive | October 5, 2006

MS6-053 an Internet Explorer Cross-Site Scripting exploit?

Swa Frantzen is manning the SANS Internet Storm Center, InfoCON: green desk today, and struggles to work out the exploit Microsoft documents without admitting in MS06-053 revisited ?, (Thu, Oct 5th). “When we first read MS06-053 we ended up discussing and not fully understanding what Microsoft was…” (more)… The article explores what appears to be an IE cross-site scripting exploit but with the character set UTF-7 (yes, seven! – who knew!) and some advice to webmasters to help avoid spreading the problem by echoing a bad URL back to the user.

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.