Date of Discovery: 17.11.2004
Criticality: Critical
Affects: Microsoft Internet Explorer 6.x
Compromise From: From remote
Compromise Type: Hijacking
Summary
A vulnerability has been reported in Internet Explorer, which potentially can be exploited by malicious people to conduct session fixation attacks.
Detailed Description
A vulnerability has been reported in Internet Explorer, which potentially can be exploited by malicious people to conduct session fixation attacks.
The vulnerability is caused due to a validation error in the handling of the path attribute when accepting cookies. This can potentially be exploited by a malicious website, if the trusted site supports wildcard domains or the domain name contains the malicious sites domain, using a specially crafted path attribute to overwrite cookies for the trusted site.
The vulnerability has been reported in Internet Explorer 6.0 SP1 on Microsoft Windows XP SP1. Microsoft Windows XP SP2 is reportedly not affected.
Note: Successful exploitation also requires that the trusted site handles cookies and authentication in an inappropriate or insecure manner.
Solution
Update to Windows XP SP2.
Disable cookies except when needed.
CVE Reference
CVE-2004-1527