Key Vulnerability Information

Advisory Number: SNS Advisory No. 79
Vulnerability: Potential Cookie Overwrite in Microsoft Internet Explorer
First Discovered: Monday, September 1, 2003
Publish Date: Monday, November 15, 2004
Severity: Low

Overview
A vulnerability in Microsoft Internet Explorer could lead to a cookie being overwritten under certain circumstances.

Problem Description
Internet Explorer fails to validate specific character strings when receiving cookies. If it accepts a cookie with a crafted Path attribute, cookies from other sites can be overwritten under certain conditions.

Exploit Preconditions
1. The target domain/IP includes the attacker's domain/IP.
2. The target is a wildcard domain with a web service running.

Tested Versions
Microsoft Internet Explorer 6.0 Service Pack 1

Solution
Use Windows XP Service Pack 2. Alternatively, adjust Internet Options: Privacy > Advanced > Cookies > Override automatic handling > Prompt > Block cookies not starting with "/".

Discovered by
Keigo Yamazaki

Acknowledgements
Microsoft Co., Ltd.
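
The workaround above turns on whether a cookie's path starts with "/". The following is an added example, not part of the SNS advisory or any Microsoft code, that applies the same test to Set-Cookie headers captured at a proxy or in log review. It assumes the workaround's "not starting with '/'" refers to the Path attribute value; the function names and sample headers are constructed for illustration.

```python
def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, value, attrs); attr keys lowercased."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def path_is_suspicious(attrs):
    """True when a Path attribute is present but its value does not start with '/'."""
    if "path" not in attrs:
        return False  # no Path attribute sent, nothing to validate
    path = attrs["path"].strip('"')  # some servers quote the value
    return not path.startswith("/")


def audit(headers):
    """Return (cookie name, raw Path value) for every header failing the check."""
    findings = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if path_is_suspicious(attrs):
            findings.append((name, attrs["path"]))
    return findings


# Constructed sample headers (not taken from the advisory).
SAMPLE_HEADERS = [
    "sid=abc123; Path=/; HttpOnly",
    "pref=dark; path=/app; Secure",
    "track=1; Path=example-value; Domain=shop.example",
    "lang=en",
    "theme=x; PATH=",
]

if __name__ == "__main__":
    for name, path in audit(SAMPLE_HEADERS):
        print(f"cookie {name!r}: Path {path!r} does not start with '/'")
```
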