Informative Update: Gulf Bank – Service Disruption
March 30, 2019Rewterz Threat Advisory – PHP “exif_process_IFD_in_MAKERNOTE()” Out-Of-Bounds Denial of Service Vulnerability
April 1, 2019Informative Update: Gulf Bank – Service Disruption
March 30, 2019Rewterz Threat Advisory – PHP “exif_process_IFD_in_MAKERNOTE()” Out-Of-Bounds Denial of Service Vulnerability
April 1, 2019Analysis Summary
Same Origin Policy (SOP) is a security mechanism that is implemented in modern browsers, the basic idea behind the SOP is the javaScript from one origin should not be able to access the properties of a website on another origin. A SOP bypass occurs when a sitea.com is somehow able to access the properties of siteb.com such as cookies, location, response etc.
The flaws affects the latest version of the Edge Browser, both flaws could be exploited by a remote attacker to bypass same-origin policy on the victim’s web browser.
To successfully exploit these vulnerabilities, the attacker need to do is convince a victim into opening the malicious website, eventually allowing them to steal victim’s sensitive data, like login session and cookies, from other sites visited on the same browser.
Impact
- Security bypass
- Cross Site Scripting
- Credential Theft
Affected Vendors
Microsoft
Affected Products
Microsoft Edge
Internet Explorer
Remediation
Vendor has not released patches/ updates for the affected products.