Cross Zone Scripting

a web browser bug which under some conditions allows content (scripts) in one zone to be executed with the permissions of a higher privileged zone.

a web browser configuration error; unsafe sites listed in privileged zones.

a Cross-site Scripting vulnerability within a privileged zone

A common attack scenario involves two steps. The first step is to use a Cross Zone Scripting vulnerability to get scripts executed within a privileged zone. To complete the attack, then perform malicious actions on the computer using insecure ActiveX components.

This type of vulnerability has been exploited to silently install various Malware (such as Spyware , remote control software, Worms and such) onto computers browsing a malicious web page.

ORIGINS OF THE ZONE CONCEPT

Internet Explorer introduced a security Zone concept into Internet Explorer. However, this is a generic issue which is not Internet Explorer specific; some other browsers also implicitly implement the Local Computer zone.

There are four well known zones in Internet Explorer:

Internet. The default zone. Everything which does not belong to other zones.

Local intranet.

Trusted sites. Usually used to list trusted sites which are allowed to execute with insane security permissions (e.g. run unsafe and unsigned ActiveX objects).

Restricted sites.

Q174360: How to use security zones in Internet Explorer .

There is also an additional hidden zone:

Local Computer zone (or ''My Computer'' zone). This zone is particularly interesting because it can access files on the local computer. Historically this zone has been extremely insecure, but in recent versions Internet Explorer (for Windows XP) steps have been taken to reduce risks associated with zone.

Local intranet, '''Trusted sites''' and '''Local Computer''' are usually configured to be privileged zones. Most Cross Zone Scripting attacks are designed to jump from '''Internet''' zone to a privileged zone.

CROSS-ZONE SCRIPTING EXAMPLES

Cross-zone scripting into Local Computer Zone

This type of exploits attempts to execute code in the security context of Local Computer Zone.

The following HTML is used to illustrate a naive (non-working) attempt of exploitation:

A computer which considers intranet.example.com a part of ''Local Intranet'' zone will now successfully be cross zone scripted.

Cross-zone scripting into Trusted Sites Zone

A well known example is the %2f bug in Internet Explorer. It was discovered that the following URL



http://windowsupdate.microsoft.com%2f.example.com/

executed with "Trusted Sites" permission if windowsupdate.microsoft.com was listed as a trusted site.

EXTERNAL LINKS

Secunia SA11830 Internet Explorer Security Zone Bypass and Address Bar Spoofing An vulnerability in (Internet Explorer) reported by ''bitlance winter'' which allows Cross Zone Scripting into Trusted Sites)

Q174360: How to use security zones in Internet Explorer . Microsoft article explaining the Zone concept and how to configure it

	APPAREL
	BABY
	BEAUTY
	BOOKS
	CAR TOYS
	CELL PHONES
	DVD'S
	ELECTRONICS
	GOURMET FOOD
	GROCERIES
	HEALTH & PERSONAL
	HOME & GARDEN
	JEWELRY
	MUSIC
	MUSIC INSTRUMENTS
	OFFICE PRODUCTS
	SOFTWARE
	SPORTING GOODS
	TOOLS & HARDWARE
	TOYS
	VIDEO GAMES
	SHOPPING HOME

	MORE SHOPPING...

	CATEGORIES ABOUT CROSS-ZONE SCRIPTING

	web security exploits

	system administration

Information About

Cross Zone Scripting