What are the basics of a Web browser exploit?
Can you explain the basics of a Web browser exploit, and can you provide an example of how one can enable an attacker to infect an enterprise system?

To continue reading for free, register below or login

Requires Membership to View

To gain access to this and all member only content, please provide the following information:

By submitting your registration information to searchSecurity.in you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here

  • Your use of searchSecurity.in is governed by our Terms of Use
  • We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
  • If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.

Let's first look at a class of threats where the attacker targets a vulnerability in either the browser or in an application that the browser calls to process a Web request. For example, an attacker could use the mozilla_compareto module -- a Metasploit module that builds on the research of Aviv Raff -- to have their system act as a Web server. When an unsuspecting victim connects to the evil attacker's site, it launches an attack against the browser itself, creating a shell on the target system for the malicious hacker.

An attacker can also target an application that the browser uses to properly render a website. For example, an attacker can attack RealPlayer, QuickTime, or even the victim's antivirus program.

Next, an attacker can submit a malicious Javascript request to the browser, a technique also known as cross-site scripting (XSS) or cross-site request forgery (XSRF). In addition to XSS and XSRF, a creative attacker can gain access to a victim's browsing history, or what is currently in the victim's clipboard. The contents can include the user's password or credit card numbers. The tool that best articulates these attacks is the Browser Exploitation Framework by Wade Alcorn at bindshell.net.

Defense against these types of threats should always focus on educating users not to click on links from strangers and to be wary of certificate errors. Security managers should spend some time considering which websites users need to go to do their jobs. Also consider developing a white-list approach to user Web access. The filtering would permit users to only access websites that are approved, while blocking everything else.

More information:

  • Researchers at this year's Black Hat 2008 conference revealed how to use the browser to elude Vista memory protections.
  • Get the latest browser security news and expert advice.

    • This was first published in October 2008

    Back to top