Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Microsoft Internet Explorer Cookie Hijacking Vulnerability
Information
Severity
Severity
Medium
Family
Family
Windows
CVSSv2 Base
CVSSv2 Base
4.3
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Solution Type
Solution Type
Vendor Patch
Created
Created
12 years ago
Modified
Modified
4 years ago
Summary
The host is installed with Internet Explorer and is prone to cookie hijacking vulnerability. This NVT has been replaced by OID:1.3.6.1.4.1.25623.1.0.902613.
Insight
Insight
The flaw exists due to the application which does not properly restrict cross-zone drag-and-drop actions, allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL.
Affected Software
Affected Software
Internet Explorer Version 9.0 and prior.
Solution
Solution
The vendor has released updates. Please see the references for more information.