Finjan Software, the leading provider of Internet security solutions for businesses of all sizes, informed Microsoft last week of a cross-site scripting vulnerability on its www.xbox360.com website.
"Finjan's Malicious Code Research Center (MCRC) is fully dedicated to the research of new trends in Internet security and the detection of vulnerabilities that could lead to potential malicious attacks," stated Shlomo Touboul, CEO and founder of Finjan Software. "This discovery is another example of our cooperation with Microsoft and other leading software vendors to fix vulnerabilities before they are exploited by the hacking community."
The cross-site scripting vulnerability could potentially be exploited to gather personal and confidential information (email address, home address, credit card number, etc.) from innocent consumers wishing to pre-order Microsoft's new gaming console. This type of malicious exploit is commonly known as "phishing".
On Thursday, May 19th 2005, Finjan provided Microsoft with full technical details of the vulnerability, including a proof of concept, in order to assist Microsoft with the fix. Within 12 hours of Finjan's report, Microsoft completed the fix on its website, which is no longer exposed to this specific vulnerability.