IBM Application Security Insider: Babylon Cross-Application Scripting

« Cross-Site Scripting through Flash in Gmail Based Services | Main | Vtiger CRM Path Traversal & Malicious Code Execution Vulnerabilities »

November 10, 2010

Babylon Cross-Application Scripting

Hey,

Recently Yair Amit and I have discovered a Cross-Application Scripting (CAS) vulnerability in Babylon which can lead to Remote Code Execution.

The advisory can be downloaded here.

A video which demonstrates the issue:

We would like to thank the Babylon team for their quick responses and the efficient way in which they handled this security issue.

-Roee

Posted by Roee Hay on November 10, 2010 | Permalink

Comments

The comments to this entry are closed.

Follow us on Twitter

IBM Application Security Insider

Follow @AppSecInsider

AppScan Free Trial

Try IBM Security AppScan software at no charge.

Download the free trial

Search

Application Security Links

Become a Fan

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM shall not be liable for any direct or indirect damages arising out of use of this Weblog.

IBM Application Security Insider

November 10, 2010

Babylon Cross-Application Scripting

Comments

Follow us on Twitter

AppScan Free Trial

Search

Recent Posts

Archives

Categories

Application Security Links

Other Blogs We Read

Pages

Become a Fan