|
|
Info |
Last Modified |
| 6 months ago |
|
|
|
|
Description |
Microsoft Windows XP contains a flaw that may allow a remote attacker to inject arbitrary XML code into the Search function. The issue occurs when a remote attacker is able to manipulate traffic sent from the machine during a search query (DNS poisoning, firewall/router modification, etc). If the XML files that support the search funtion are missing, Windows will fetch a series of XML pages from sa.windows.com and display them. These XML pages can be served up from an alternate host, injecting XML links into the search interface which are likely to be trusted links.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Technical |
This attack can only occur if the original XML files of the search function are deleted.
|
|
Solution |
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
|
|
Products |
|
Windows
 |
XP SP1 |
|
|
|
|
Credit |
- Delchi - delchi
 gmail.com -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
