This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser. InstallBuilder's comprehensive cross-platform support has proven invaluable to us, giving our customers a consistent installation experience no matter what operating system they run on as well as reducing our development costs by avoiding the need to support multiple technologies. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Bitrock Installbuilder - Bitrock Installbuilder 1.0.1 Bitrock Installbuilder 1.0.2 Bitrock Installbuilder 1.0.3 Bitrock Installbuilder 1.1.0 Bitrock Installbuilder 1.2. This is a privilege elevation attack targeted at zone-based web-browser security. An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |