OSVDB ID: 15171 Title: Microsoft Windows XP Search Function Arbitrary XML Injection |
Info |
|
|
Dates |
||||
|
|
Description |
Microsoft Windows XP contains a flaw that may allow a remote attacker to inject arbitrary XML code into the Search function. The issue occurs when a remote attacker is able to manipulate traffic sent from the machine during a search query (DNS poisoning, firewall/router modification, etc). If the XML files that support the search funtion are missing, Windows will fetch a series of XML pages from sa.windows.com and display them. These XML pages can be served up from an alternate host, injecting XML links into the search interface which are likely to be trusted links. |
Classification |
Location:
Remote/Network Access Required
Attack Type: Input Manipulation Impact: Loss of Integrity Exploit: Exploit Available Disclosure: OSVDB Verified |
Solution |
Currently, there are no known upgrades, patches, or workarounds available to correct this issue. |
Products |
|
References |
|
Credit |
|
gmail.com -