CVE-2008-2948

Microsoft Internet Explorer 7-8 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2948.

AI-analyzed exploit summary This JavaScript exploit bypasses the same-origin policy in Microsoft Internet Explorer by manipulating the location of a frame from a different domain, allowing arbitrary code execution in the context of the parent document. It leverages a timing-based attack to override the frame's location object with a malicious toString function.

Description

Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.

Exploits (1)

exploitdb WORKING POC

remotewindows

https://www.exploit-db.com/exploits/31996

View Code ZIP pw:eip

This JavaScript exploit bypasses the same-origin policy in Microsoft Internet Explorer by manipulating the location of a frame from a different domain, allowing arbitrary code execution in the context of the parent document. It leverages a timing-based attack to override the frame's location object with a malicious toString function.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Internet Explorer 6, 7, and 8 Beta 1

No auth needed

Prerequisites: Victim must visit a malicious webpage or have a vulnerable IE session open

MITRE ATT&CK