A web browser vulnerability in which web pages containing executable code
(scripts) run that code in a security zone that does not correspond to them,
taking advantage of the page being opened in a privileged zone.
It is a privilege escalation problem.
Cross Zone Scripting is a browser exploit taking
advantage of a vulnerability within a zone-based security solution. The attack
allows content (scripts) in unprivileged zones to be executed with the
permissions of a privileged zone - i.e. a privilege escalation within the
client (web browser) executing the script. The
vulnerability could be:
· a web browser bug which under some conditions allows content (scripts) in
  one zone to be executed with the permissions of a higher privileged zone.
· a web browser configuration error; unsafe sites listed in privileged zones.
· a cross-site scripting vulnerability within a privileged zone.
A common attack scenario
involves two steps. The first step is to use a Cross Zone Scripting
vulnerability to get scripts executed within a privileged zone. To complete the
attack, the attacker then performs malicious actions on the computer using
insecure ActiveX components.
This type of vulnerability
has been exploited to silently install various malware (such as spyware, remote
control software, worms and such) onto computers browsing a malicious web page.
http://en.wikipedia.org/wiki/Cross_Zone_Scripting
An attacker is able to cause
a victim to load content into their web-browser that bypasses security zone
controls and gain access to increased privileges to execute scripting code or
other web objects such as unsigned ActiveX controls or applets. This is a
privilege elevation attack targeted at zone-based web-browser security. In a
zone-based model, pages belong to one of a set of zones corresponding to the
level of privilege assigned to that page. Pages in an untrusted zone would have
a lesser level of access to the system and/or be restricted in the types of
executable content they are allowed to invoke. In a cross-zone scripting attack,
a page that should be assigned to a less privileged zone is granted the
privileges of a more trusted zone. This can be accomplished by exploiting bugs
in the browser, exploiting incorrect configuration in the zone controls,
through a cross-site scripting attack that causes the attacker's content to be
treated as coming from a more trusted page, or by leveraging some piece of
system functionality that is accessible from both the trusted and less trusted
zone. This attack differs from "Restful Privilege Escalation" in that
the latter correlates to the inadequate securing of RESTful access methods
(such as HTTP DELETE) on the server, while cross-zone scripting attacks the
concept of security zones as implemented by a browser.
Attack Pattern 104
http://capec.mitre.org/data/index.html
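
The configuration cause named in both definitions (unsafe sites listed in privileged zones, incorrect configuration in the zone controls) can be checked with a simple audit of the site-to-zone map. The following is an added example, not part of either quoted source; it assumes Internet Explorer's zone numbering (1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites), and the sample entries and the approved list are constructed.

```python
# Added example: flag site-to-zone assignments that widen a privileged zone.
# Assumption: Internet Explorer zone numbering; the page itself names no browser.
PRIVILEGED = {1: "Local intranet", 2: "Trusted sites"}

# Constructed sample export: (domain pattern, protocol, zone number)
SAMPLE_ZONE_MAP = [
    ("intranet.example.internal", "https", 1),
    ("*.example.com", "http", 2),
    ("cdn.example.net", "*", 2),
    ("ads.example.org", "https", 3),
    ("updates.example.com", "https", 2),
]

# Hypothetical allowlist of sites the organisation has reviewed.
APPROVED = {"intranet.example.internal", "updates.example.com"}


def audit_zone_map(entries, approved):
    """Return (domain, zone name, reasons) for privileged entries needing review."""
    findings = []
    for domain, protocol, zone in entries:
        if zone not in PRIVILEGED:
            continue  # Internet (3) and Restricted (4) grant no extra privilege
        reasons = []
        if domain.startswith("*."):
            # One cross-site scripting flaw on any subdomain inherits the zone.
            reasons.append("wildcard covers every subdomain")
        if protocol in ("http", "*"):
            # Content altered in transit would run with the zone's permissions.
            reasons.append("cleartext protocol allowed")
        if domain not in approved:
            reasons.append("not on approved list")
        if reasons:
            findings.append((domain, PRIVILEGED[zone], reasons))
    return findings


if __name__ == "__main__":
    for domain, zone, reasons in audit_zone_map(SAMPLE_ZONE_MAP, APPROVED):
        print(f"{domain} [{zone}]: {'; '.join(reasons)}")
```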