VULHUB ™

Microsoft Internet Explorer is prone to a zone bypass vulnerability. A remote attacker may execute code in the Intranet zone. An attacker can exploit this issue by using a non-FQDN URI. Successful exploitation of this vulnerability could lead to the execution of malicious script or ActiveX controls in the Intranet zone. Update: It is reported that this issue can also be exploited to bypass to other zones. For example, by using a trusted URI, an attacker can access the Trusted zone. This issue seems to be related to BID 10517 (Multiple Browser URI Obfuscation Weakness). Update: http-equiv has created a proof of concept for an attack that exploits this vulnerability.

Microsoft Internet Explorer is prone to a zone bypass vulnerability. A remote attacker may execute code in the Intranet zone. An attacker can exploit this issue by using a non-FQDN URI. Successful exploitation of this vulnerability could lead to the execution of malicious script or ActiveX controls in the Intranet zone. Update: It is reported that this issue can also be exploited to bypass to other zones. For example, by using a trusted URI, an attacker can access the Trusted zone. This issue seems to be related to BID 10517 (Multiple Browser URI Obfuscation Weakness). Update: http-equiv has created a proof of concept for an attack that exploits this vulnerability.