Монитор угроз
NETGEAR® Threat Monitor – это исчерпывающий источник информации по новейшим угрозам вредоносного ПО и статистике распространения спама. В его таблицах представлена детальная статистика по последним угрозам, которые обнаружены в Интернете. Эти таблицы оперативно обновляются и сразу после возникновения новая угроза отражается в таблице.
« Back to list
This malicious program exploits vulnerability CAN-2004-1319.
Microsoft Internet Explorer DHTML Edit control may be used to carry out cross-domain script injection. This issue may allow an attacker to execute malicious script code in a user's browser to facilitate cross-site scripting type attacks.
It is reported that the Edit control can be used to inject malicious script code in to windows that seem to originate from another domain. This may be accomplished by using the Edit control while specifying a name for a malicious window and then using the window name as a parameter for the open() method.
This will open the website through the Edit control. The attacker can then use a method such as 'execScript()' to inject script code in to the window and carry out cross-site scripting type attacks. It is possible to steal cookie-based authentication credentials through this vulnerability. Other attacks may be possible as well.
Affected: Microsoft Windows 2000 Server Service Pack 3
Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
| Virus Name: |
Troj.Clicker.W32.Agent.ac |
| Aliases: |
|
| Pattern: |
200902201659 |
| Threat Type |
Propagation Methods |
Systems Affected |
Risk Level |
|
|
|
- Windows NT
- Windows XP
- Windows 2000
- Windows 95/98/ME
|
|
Наверх
