CSRF CORS attack via phishing using IE8 - by Asif Palimar

Status : 

 


ID 802465 Comments
Status Active Workarounds
Type Bug Repros 0
Opened 9/26/2013 11:59:32 PM
Access Restriction Public

Description

1. Attacker sends user (victim) a file; 
2. Victim accepts local file, via email, message, save (successful phish)
3. In our scenario the DELETE method is contained in local file, sending DELETE method cross domain to another server (CORS CSRF)
4. The browser <IE8/9> is configured to NOT allow active content in Files or CDs

5. If user (Victim) has administrator privledges on local machine the file executes and victim is given no chance to reject running or respond to a challenge

Our customers believe this is a bug as the cross domain request, CSRF attack is successful. Is there a fix for this issue?
This issue only happens on Internet Explorer 8
Sign in to post a comment.
Posted by Microsoft on 11/11/2013 at 4:08 PM
Thank you for your feedback. We will be investigating this issue further.

Best regards,
The Internet Explorer Team