By exploiting this vulnerability, an attacker may conduct a session
fixation attack. In a session fixation attack, the attacker fixes the
user's session ID before the user even logs into the target server, thereby
eliminating the need to obtain the user's session ID afterwards.
# Bug explanation - Session Fixation Attack/Meta Tag Exploitation:
By injecting a custom HTTP header or by injecting a META tag, it is
possible to alter the cookies stored in the browser. Attackers will
normally manipulate cookie values to fraudulently authenticate themselves
on a web site.
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory.