###########################################
Internet explorer pwned Avant Browser via
history Persistent XSS vulnerabilities
vendor url: http://www.avantbrowser.com/
Advisore: http://lostmon.blogspot.com/2009/08/
internet-explorer-pwned-avant-browser.html
vendor notify: NO exploit available: yes
############################################
#############
description
#############
Avant Browser´s user-friendly interface brings a new level
of clarity and efficiency to your browsing experience,and
frequent upgrades have steadily improved its reliability.
Avant Browser is freeware That's right. 100% Free!.
A recently vulnerability in Avant browser discovered by me
Can be exploit via history on ie8
Related Vuln =>
http://lostmon.blogspot.com/2009/07/
avant-browser-browserhome-persistent.html
###############
version tested
###############
Internet Explorer 8 (in xp home)
Avant Browser 11.7 build 35
#########
solution:
##########
Update to version 11.7 build 36
it is reported and tested that isn´t
vulnerable.
#############
timeline:
#############
discovered: 23-07-2009
disclosure: 03-08-2009
##################
testing
##################
http://lostmon.blogspot.com/2009/07/
avant-browser-browserhome-persistent.html
See this related vulnerability in avant browser.Now go
to exploit it across explorer , we know that the column
history is afected by a script insercion in browser:home
dinamicaly content.
If a user open explorer and try to navigate to a malicious
site like :
http://usuarios.lycos.es/reyfuss/id.php?id="><h1>Test html injection</h1>
For example if we Browse this url with avant browser =>
http://usuarios.lycos.es/reyfuss/id.php?id="><iframe src='http://www.google.com'></iframe>
The iframe does not executed correctly in history, but ,
close avant, browse the url with IE8 and them , open
avant browser ...the iframe now is executed correctly :D
Those url are saved in the explorer history, here is the
vulnerability, because Avant browser use IE8 web history
to show his own history in the browser:home history column,
them open avant browser and the html is executed in the history
colum and in most visited sites.
I don´t know if with the anty-xss filter in IE8 can protect
from a script attack but at this moment we can think that this
issue can have a html injection condition and a attacker can insert
a iframe...And this is other vector to attack Avant browser.
################ End #####################
thnx to estrella to be my ligth
thnx to Brink he is investigate with me.
thnx to all who day after day support me !!!
atentamente:
--
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente...
skip to main |
skip to sidebar
Security Research & Analisys:
Personal Blog where I expose my investigations,
advisores and some outstanding news on security.
Categories
Archives
-
►
2022
(2)
- ► November 2022 (1)
- ► October 2022 (1)
-
►
2013
(2)
- ► December 2013 (1)
- ► August 2013 (1)
-
►
2012
(5)
- ► April 2012 (1)
-
►
2011
(5)
- ► October 2011 (1)
- ► March 2011 (1)
-
►
2010
(18)
- ► December 2010 (2)
- ► September 2010 (1)
- ► March 2010 (1)
- ► February 2010 (1)
- ► January 2010 (1)
-
▼
2009
(25)
- ► November 2009 (1)
- ▼ August 2009 (3)
- ► April 2009 (1)
- ► March 2009 (1)
- ► February 2009 (1)
-
►
2008
(24)
- ► August 2008 (9)
- ► April 2008 (1)
- ► March 2008 (1)
-
►
2007
(29)
- ► October 2007 (1)
- ► March 2007 (1)
-
►
2006
(14)
- ► August 2006 (1)
- ► February 2006 (1)
-
►
2005
(54)
- ► December 2005 (1)
- ► April 2005 (14)
Browse
About:Me
My blog:http://lostmon.blogspot.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com
La curiosidad es lo que hace
mover la mente...
Online Tools & Calculators
Posts
Lostmon Blogger © All Rights Reserved