1 Answers
Cross-zone scripting is a browser exploit taking advantage of a vulnerability within a zone-based security solution. The attack allows content in unprivileged zones to be executed with the permissions of a privileged zone - i.e. a privilege escalation within the client executing the script. The vulnerability could be:
A common attack scenario involves two steps. The first step is to use a cross-zone scripting vulnerability to get scripts executed within a privileged zone. To complete the attack, then perform malicious actions on the computer using insecure ActiveX components.
This type of vulnerability has been exploited to silently install various malware onto computers browsing a malicious web page.
4 views
Answered