Internet Explorer 8 PoC 'URL Shortening Shenanigans Involving Twitter'

MSRT said on last Friday that it was aware of a "publicly disclosed issue involving Internet Explorer", and promised an investigation, without going into details. Circumstantial evidence suggests Microsoft is referring to a post by Google's security researcher Chris Evans, to a Full Disclosure mailing list:"A nasty vulnerability exists in the latest IE8," Evans wrote. […]

MSRT said on last Friday that it was aware of a "publicly disclosed issue involving Internet Explorer", and promised an investigation, without going into details. Circumstantial evidence suggests Microsoft is referring to a post by Google's security researcher Chris Evans, to a Full Disclosure mailing list:

"A nasty vulnerability exists in the latest IE8," Evans wrote. "I've been unsuccessful in persuading the vendor to issue a fix."

"The bug permits — for example — an arbitrary web site to force victim to make tweets," he added.

Evans claims Microsoft has been aware of the bug since 2008, producing a harmless proof-of-concept exploit to illustrate his concerns.

Rik Ferguson of Trend Micro, explained that the exploit works by stealing the (supposedly secret) credentials for an already authenticated browser session, for e.g. Twitter. "Those credentials are then abused to send arbitrary forged content," Ferguson writes.

[Source]