VULHUB ™

A vulnerability exists in Microsoft Internet Explorer that can allow for a violation of the same origin policy. When MSIE is evaluating whether access across windows should be permitted, the domain of the parent window is compared to the child. A vulnerability in this process has been reported that is related to the handling of HTTP usernames included in the URL. If the username value is suffixed with "%2f", MSIE will not remove the username when performing the same-origin check. Therefore it is possible to bypass the check if a username is included in a URL that matches the domain of the parent window and is appended with "%2f".

A vulnerability exists in Microsoft Internet Explorer that can allow for a violation of the same origin policy. When MSIE is evaluating whether access across windows should be permitted, the domain of the parent window is compared to the child. A vulnerability in this process has been reported that is related to the handling of HTTP usernames included in the URL. If the username value is suffixed with "%2f", MSIE will not remove the username when performing the same-origin check. Therefore it is possible to bypass the check if a username is included in a URL that matches the domain of the parent window and is appended with "%2f".