"In October 2006, this author presented a paper exploring the threat of Inter-Protocol
Communication. That is, the possibility of two different applications using two different
protocols to meaningfully exchange commands and data. This paper extends that and
other research to explore Inter-Protocol Exploitation. These findings demonstrate the
practicality of encapsulating exploit code in one protocol to compromise a program
which uses a different protocol."
…
"Research within the area of web browser security, particularly Browser Exploitation
Frameworks, Cross-site scripting Viruses and Inter-Protocol Communication has become
a catalyst for further exploration into Inter-Protocol Exploitation. That is, an attack vector
which encapsulates malicious data within a particular protocol in such a way that the
resultant data stream is capable of exploiting a different application which uses a different
protocol entirely.
For successful exploitation across protocols, at least one precondition needs to be met: a
method to encapsulate the exploit within the carrier protocol. Depending on the
complexity of the handshake, error tolerance and protocol encapsulation may also be
required. These two conditions are discussed in the paper “Inter-Protocol
Communication”, which is the suggested preliminary reading for this paper.
This paper will focus almost exclusively on using HTTP as the carrier protocol for Inter-
Protocol Exploitation. This is due to the ready availability of web browsers on internal
networks and the power of JavaScript. The JavaScript language allows the construction of
arbitrary HTTP/S requests to arbitrary hosts and arbitrary ports."
Whitepaper Link: http://www.ngssoftware.com/research/papers/InterProtocolExploitation.pdf
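
The error-tolerance precondition quoted above can be seen from the receiving service's side. The Python sketch below is an added example, not code from the whitepaper: it contrasts a line-based handler that skips unrecognised lines with one that closes the session as soon as input looks like HTTP. The three-command protocol, the handler names and the sample request are constructed for illustration.

```python
import re

# Shape of an HTTP/1.x request line: METHOD SP target SP HTTP/x.y
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/\d\.\d$")
# Headers a browser-originated request carries; none belong on a non-HTTP port
BROWSER_HEADERS = (b"host:", b"user-agent:", b"origin:", b"referer:",
                   b"content-type:", b"content-length:")
# Hypothetical line-based protocol used only for this example
KNOWN_COMMANDS = {b"NOOP", b"STATUS", b"QUIT"}

# Constructed sample: what a browser-issued POST looks like to the service
SAMPLE = (b"POST / HTTP/1.1\r\nHost: 10.0.0.5:7000\r\n"
          b"Content-Type: text/plain\r\nContent-Length: 14\r\n\r\n"
          b"STATUS\r\nNOOP\r\n")

def looks_like_http(line: bytes) -> bool:
    """True if a line is an HTTP request line or a typical browser header."""
    return bool(HTTP_REQUEST_LINE.match(line)) or line.lower().startswith(BROWSER_HEADERS)

def tolerant_handler(stream: bytes) -> list:
    """Error-tolerant parsing: unknown lines are ignored, so commands that
    follow the HTTP headers in the request body are still executed."""
    executed = []
    for line in stream.split(b"\r\n"):
        verb = line.split(b" ", 1)[0].upper()
        if verb in KNOWN_COMMANDS:
            executed.append(verb)
    return executed

def strict_handler(stream: bytes):
    """Fail closed: stop at the first HTTP-looking or unknown line."""
    executed = []
    for line in stream.split(b"\r\n"):
        if not line:
            continue
        if looks_like_http(line):
            return executed, "closed: HTTP input on non-HTTP service"
        verb = line.split(b" ", 1)[0].upper()
        if verb not in KNOWN_COMMANDS:
            return executed, "closed: unknown command"
        executed.append(verb)
    return executed, "ok"

if __name__ == "__main__":
    print("tolerant:", tolerant_handler(SAMPLE))
    print("strict:  ", strict_handler(SAMPLE))
```
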