Ver:
Vulnerabilidad de un navegador www consistente en que páginas web con código ejecutable (scripts) ejecutan este en unza zona de seguridad que no le corresponde, aprovechando que la página se abre en una zona privilegiada.
Se trata de un problema de escalado de privilegios.
is a browser exploit taking advantage of a vulnerability within a zone-based security solution. The attack allows content (scripts) in unprivileged zones to be executed with the permissions of a privileged zone - i.e. a privilege escalation within the client (web browser) executing the script. The vulnerability could be:
·
a
web browser bug which under some conditions allows content (scripts) in one
zone to be executed with the permissions of a higher privileged zone.
·
a
web browser configuration error; unsafe sites listed in privileged zones.
·
a
cross-site scripting vulnerability within a privileged zone
A common attack
scenario involves two steps. The first step is to use a Cross Zone Scripting
vulnerability to get scripts executed within a privileged zone. To complete the
attack, then perform malicious actions on the computer using insecure ActiveX
components.
This type of
vulnerability has been exploited to silently install various malware (such as
spyware, remote control software, worms and such) onto computers browsing a
malicious web page.
http://en.wikipedia.org/wiki/Cross_Zone_Scripting
An attacker is
able to cause a victim to load content into their web-browser that bypasses
security zone controls and gain access to increased privileges to execute
scripting code or other web objects such as unsigned ActiveX controls or
applets. This is a privilege elevation attack targeted at zone-based
web-browser security. In a zone-based model, pages belong to one of a set of
zones corresponding to the level of privilege assigned to that page. Pages in
an untrusted zone would have a lesser level of access to the system and/or be
restricted in the types of executable content it was allowed to invoke. In a
cross-zone scripting attack, a page that should be assigned to a less
privileged zone is granted the privileges of a more trusted zone. This can be
accomplished by exploiting bugs in the browser, exploiting incorrect
configuration in the zone controls, through a cross-site scripting attack that
causes the attacker's content to be treated as coming from a more trusted page,
or by leveraging some piece of system functionality that is accessible from
both the trusted and less trusted zone. This attack differs from "Restful
Privilege Escalation" in that the latter correlates to the inadequate
securing of RESTful access methods (such as HTTP DELETE) on the server, while
cross-zone scripting attacks the concept of security zones as implemented by a
browser.
Attack Pattern
104
http://capec.mitre.org/data/index.html
Temas relacionados